B Intersight Managed Mode Configuration Guide
B Intersight Managed Mode Configuration Guide
B Intersight Managed Mode Configuration Guide
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
© 2020–2021 Cisco Systems, Inc. All rights reserved.
CONTENTS
Server Profiles 31
Creating a UCS Server Profile 36
UCS Server Profile Details 37
Domain Policies 45
Creating a Port Policy 48
Creating an Ethernet Network Group Policy 53
Creating an Ethernet Network Control Policy 54
Creating a VLAN Configuration Policy 55
Creating a VSAN Configuration Policy 56
Creating an NTP Policy 58
Creating a Network Connectivity Policy 58
Creating an SNMP Policy 60
Creating a System QoS Policy 62
Creating a Syslog Policy 63
Creating a Switch Control Policy 65
Creating a Flow Control Policy 67
Creating a Link Aggregation Policy 68
Creating a Link Control Policy 69
Server Policies 74
Creating a Policy 80
Supported UCS Server Policies 80
Creating an Adapter Configuration Policy 83
Creating a LAN Connectivity Policy 85
Creating an Ethernet Adapter Policy 89
Creating an Ethernet QoS Policy 96
Creating an Ethernet Network Policy 97
Creating an Ethernet Network Group Policy 101
Creating an Ethernet Network Control Policy 102
Creating a SAN Connectivity Policy 103
Creating a Fibre Channel Adapter Policy 106
Creating a Fibre Channel Network Policy 109
Creating a Fibre Channel QoS Policy 110
Creating a BIOS Policy 111
Creating a Boot Order Policy 124
Configuring an iSCSI Boot Policy 129
Creating an iSCSI Adapter Policy 132
Creating an iSCSI Static Target Policy 133
Creating a Device Connector Policy 133
Creating a Disk Group Policy 134
Creating an IMC Access Policy 136
Creating an IPMI Over LAN Policy 137
Creating an LDAP Policy 138
Creating a Local User Policy 143
Creating an NTP Policy 145
Creating an SD Card Policy 146
Create a Serial Over LAN Policy 148
Create SSH Policy 150
Creating a Virtual KVM Policy 151
Creating a Virtual Media Policy 152
Pools 179
IP Pools 179
Creating an IP Pool 180
IP Pool Details 181
MAC Pools 181
Creating a MAC Pool 181
MAC Pool Details 182
UUID Pools 182
Creating a UUID Pool 183
UUID Pool Details 184
WWN Pools 184
Creating a WWNN Pool 185
WWNN Pool Details 186
Creating a WWPN Pool 186
WWPN Pool Details 187
IQN Pools 187
Creating an IQN Pool 187
IQN Pool Details 188
Resource Pools 189
Note Before erasing the configuration, you must ensure to unclaim the device from Intersight and decommission
all rack servers.
• Before you set up Intersight Managed Mode, please review the system requirements, supported hardware
and software, and the steps required to migrate from UMM to IMM.
• For latest updates on Intersight features and functionality, see Help Center.
• Servers in IMM mode require a minimum of Essentials license.
Supported Hardware
The following table lists the supported hardware:
Note • The Intersight Managed Mode (IMM) features are now made Generally Available supporting scale up
to 10 chassis and 80 blade servers.
• The operations that can be run on multiple servers in parallel is limited to 50 servers.
• The Fabric Interconnect port licensing is required in IMM but will not be enforced until a future date.
• In IMM, after discovery of a rack server, online swapping of cables on rack network adapters between
Fabric Interconnects is not supported.
• Cisco HyperFlex hyperconverged infrastructure is currently not supported in IMM.
The minimum supported firmware version for Intersight Managed Mode is 4.1(3)
*1
UCS-IOM-2408 requires Cisco UCS Intersight Infra 4.1(2b) and later.
Note All the discovered servers, chassis, and Fabric Extenders (FEX) must be decommissioned before changing
the management mode.
The erase configuration option, which is available in both management modes, allows you to clear the existing
configuration and reboot the Fabric Interconnects. After the Fabric Interconnects are rebooted, the initial
configuration screen appears, and you can configure the Fabric Interconnects with the appropriate management
mode.
This configuration process is valid only for Cisco UCS 6400 Series Fabric Interconnects in a cluster setup.
To configure the Fabric Interconnects in a cluster:
After completing the initial configuration of the Fabric Interconnects, you must claim them for use with the
Cisco Intersight platform. For more information about claiming devices in Cisco Intersight, see Target Claim
in Intersight Managed Mode.
After you claim the Fabric Interconnects, they appear in the list of available devices. The device type for
Fabric Interconnects managed through Cisco Intersight is Intersight Managed Domain. The Device IP field
shows the IP addresses of both the Fabric Interconnects, and the Device ID field shows the serial numbers of
both the Fabric Interconnects. The Fabric Interconnects now appear in the Fabric Interconnects table view.
After you claim the Fabric Interconnects, you must configure the ports on the Fabric Interconnect to discover
the connected chassis and servers. For each Fabric Interconnect, you can view the properties, and an inventory
of its components, including ports, fan modules, and power supply units (PSUs).
Step 5 Enter y to confirm that you want to continue the initial setup.
Step 6 To use a strong password, enter y
Step 7 Enter the password for the admin account. For more details, see Fabric Interconnect Password Guidelines.
Step 8 To confirm, re-enter the password for the admin account.
Step 9 Enter yes to continue the initial setup for a cluster configuration.
Step 10 Enter the Fabric Interconnect fabric (either A or B ).
Step 11 Enter the system name.
Step 12 Enter the IPv4 or IPv6 address for the management port of the Fabric Interconnect.
If you enter an IPv4 address, you will be prompted to enter an IPv4 subnet mask. If you enter an IPv6 address, you will
be prompted to enter an IPv6 network prefix.
Step 13 Enter the respective IPv4 subnet mask or IPv6 network prefix, then press Enter.
You are prompted for an IPv4 or IPv6 address for the default gateway, depending on the address type you entered for
the management port of the Fabric Interconnect.
Step 15 Enter the IPv4 or IPv6 address for the DNS server.
The address type must be the same as the address type of the management port of the Fabric Interconnect.
Step 16 Enter yes if you want to specify the default Domain name, or no if you do not.
Step 17 (Optional) Enter the default Domain name.
Step 18 Review the setup summary and enter yes to save and apply the settings, or enter no to go through the setup again to
change some of the settings.
If you choose to go through the setup again, it provides the values that you previously entered, and the values appear
in brackets. To accept previously entered values, press Enter.
Example
Here is an example of how to configure Fabric Interconnect-A in Cisco Intersight management mode
for a cluster configuration using the console and management addresses:
Enter the configuration method (console/gui)? console
Enter the management mode [ucsm/intersight]? intersight
You have chosen to setup a new Fabric Interconnect in “intersight” managed mode. Continue?
(y/n): y
Enforce strong password? (y/n) [y]:n
Management Mode=intersight
Switch Fabric=A
System Name=UCS-A
Enforced Strong Password=no
Physical Switch Mgmt0 IP Address=15.XX.XX.XX
Physical Switch Mgmt0 IP Netmask=255.255.255.X
Default Gateway=15.XX.XX.XX
Ipv6 value=0
DNS Server=15.XX.XX.XX
Apply and save the configuration (select 'no' if you want to re-enter)? (yes/no): yes
Applying configuration. Please wait.
Configuration file - Ok
What to do next
Configure the Fabric Interconnect-B using the console.
Example
Here is an example of how to configure Fabric Interconnect-B in Cisco Intersight management mode
for a cluster configuration using the console and management addresses:
Enter the configuration method. (console/gui) ? console
Installer has detected the presence of a peer Fabric interconnect. This Fabric interconnect
will be added to the cluster. Continue (y/n) ? y
Peer FI is IPv4 Cluster enabled. Please Provide Local Fabric Interconnect Mgmt0 IPv4 Address
Apply and save the configuration (select 'no' if you want to re-enter)? (yes/no): yes
Applying configuration. Please wait.
Configuration file - Ok
What to do next
Claim the Intersight Managed Domain through Cisco Intersight. For more information, see Target Claim in
Intersight Managed Mode.
• Must not contain a character that is repeated more than three times consecutively, such as aaabbb.
• Must not be identical to the username or the reverse of the username.
• Must pass a password dictionary check. For example, the password must not be based on a standard
dictionary word.
• Must not contain the following symbols: $ (dollar sign), ? (question mark), and = (equals sign).
• Should not be blank.
In addition to the Fabric Interconnect Health status, you can view the following information in the Fabric
Interconnects Details page:
• Name
• Peer Switch—Name of Fabric Interconnect A or B, depending on the device you choose to view. Click
Peer Switch to view the details of the other Fabric Interconnect.
• Model—The model number of the Fabric Interconnect
• Expansion Modules—The number of expansion modules in the Fabric Interconnect
• Serial—The serial number of the Fabric Interconnect
• Management IP—The IP address of the management interface on the Fabric Interconnect
• Switch Profile—The name of the switch profile created for the UCS Domain to which the Fabric
Interconnect belongs
• Switch Profile Status—The current status of the switch profile associated with the Fabric Interconnect
• Firmware Version—The firmware version running on the Fabric Interconnect
• Ports—The total number of ports
• Used—The number of used ports
• Available—The number of ports available for use
• Tags—The existing tags for the Fabric Interconnects. You can add new tags, or modify the existing ones
from Manage tags
The Properties area displays a graphical view of the Fabric Interconnect. The Health Overlay function
enables you to monitor the health of the ports on the Fabric Interconnect. Additionally, this area provides the
following information:
• Mode—UCS Fabric Interconnects operate in two main switching modes: Ethernet or Fibre Channel.
These modes are independent of each other. They determine how the Fabric Interconnect behaves as a
device between the server and network/server and storage device.
• Ethernet Mode—The Ethernet switching mode determines how the Fabric Interconnect behaves
as a switching device between the servers and the network. The Fabric Interconnect operates in
either of the following Ethernet switching modes:
• End-Host Mode—Allows the Fabric Interconnect to act as an end host to the network,
representing all servers (hosts) connected to it through virtual Network Interface Cards (vNICs).
• Switch Mode—Allows the Fabric Interconnect to run STP to avoid loops. Broadcast and
multicast packets are handled in the traditional way.
• FC Mode—The Fibre Channel switching mode determines how the Fabric Interconnect behaves
as a switching device between the servers and storage devices. The Fabric Interconnect operates in
either of the following Fibre Channel switching modes:
• End-Host Mode—Allows the Fabric Interconnect to act as an end host to the connected fibre
channel networks, representing all servers (hosts) connected to it through virtual Host Bus
Adapters (vHBAs).
• Switch Mode—Allows the Fabric Interconnect to connect directly to a storage device.
• Admin Evac State—Specifies the evacuation state of Fabric Interconnect traffic. This can be one
of the following options:
• Disabled—Restarts traffic on the Fabric Interconnect.
• Enabled—Stops traffic on the Fabric Interconnect.
• Oper Evac State—Specifies the operational evacuation state of Fabric Interconnect traffic.
• FC Zone Count
• FC Zone Limit—The maximum number of Fibre Channel zones allowed on this Fabric Interconnect.
• FC User Zone Limit—The maximum number of user-created Fibre Channel zones allowed on this
Fabric Interconnect.
• FC Zone Count—The number of Fibre Channel zones defined on this Fabric Interconnect.
• FC User Zone Count—The number of user-created Fibre Channel zones defined on this Fabric
Interconnect.
• Access
• IP Address—The IP address to use when communicating with the Fabric Interconnect.
• Subnet Mask—The subnet mask associated with the IP address.
• Default Gateway—The gateway associated with the IP address.
• MAC—The MAC address.
Alarms
Intersight provides fault monitoring capabilities to track and set up alarms for all managed UCS and HyperFlex
systems. An alarm alerts you about a failure in the setup (a fault) or a threshold that has been raised. An alarm
in Intersight includes information about the operational state of the affected object at the time the fault was
raised. Click on a specific alarm to view the fault code, the source type and name, component on which the
fault occurred, and a description of the fault.
Note Intersight managed devices must be running with firmware version of 4.1(3) or later releases to generate
alarms.
Click on any of the categories to view more details about the alarms.
• All(Info)—Displays the total number of faults both Critical and Warning.
• Critical—Displays the total number of Critical faults. Raised when a service-affecting condition requires
an immediate corrective action. For example, the severity could indicate that the managed object is out
of service and its capability must be restored immediately.
• Warning—Displays the total number of Warning faults. Raised when a potential or impending
service-affecting fault occurs.
This fault could have no significant or immediate effects on the system. A warning status indicates that
you must take the appropriate action to diagnose the fault and correct the problem to prevent it from
becoming a more serious service-affecting fault.
Note: The Fabric Interconnects models supported in Intersight Managed Mode are:
• UCS-FI-6454
• UCS-FI-64108
and
The Fabric Interconnects models supported in UCSM Managed Mode are:
• UCS-FI-6248UP, UCS-FI-6296UP
• UCS-FI-6332, UCS-FI-6332-16UP
• UCS-FI-M-6324
• UCS-FI-6454
• UCS-FI-64108
• Local Storage—You can see a summary of the partitions on the Fabric Interconnect, including details
such as their size and current usage.
• Network
• Fabric Extenders—The details of the Fabric Extenders that are connected to the Fabric Interconnect.
These details are Name, Health, Model, Vendor, and Serial.
• Decommissioned
• Devices—The details of decommissioned devices. These details are Type, Model, Serial,
Decommissioned Date.
• Tags—The existing tags for the Domain. You can add new tags, or modify the existing ones from Manage
tags.
• Policies
View the Policies that are attached to the UCS Domain profile. The Policies pane displays details of the
Port, VLAN and VSAN, and UCS Domain Configuration. A graphical representation of the ports
configuration on the Fabric Interconnects, including port roles and port channels and a list of associated
policies is displayed. The VLAN, VSAN, and UCS Domain Configuration lists the Domain policies
associated with the selected Domain profile.
After the server ports are configured and applied, all the chassis and FEX that are connected to the Fabric
Interconnect are automatically discovered. During discovery, the chassis and FEX will auto sync firmware
with the Fabric Interconnect if their firmware versions do not match the firmware version of the Fabric
Interconnect. Because of this, it may take 25-30 minutes for the chassis and FEX to appear in the GUI. You
can check the chassis and FEX status through the nxos CLI by using the show fex command.
Chassis Actions
From the left navigation panel, click Chassis for the Chassis table view. You can perform the following
operations to manage one or more chassis.
Chassis Actions
• Rediscover—Rediscovering the chassis initiates the chassis discovery process and then the chassis
inventory process.
• Decommission—Decommissioning is performed when a chassis is physically present and connected,
but you want to temporarily remove it from the Cisco Intersight configuration. This action removes the
chassis and IOM inventories. Because it is expected that a decommissioned chassis will be eventually
recommissioned, a portion of the chassis information, including the chassis ID, is retained by Cisco
Intersight.
• Remove—Removing a chassis involves physically removing a chassis from the system.
Before removing a chassis from the system, ensure that you unconfigure the server ports to which the
chassis is connected. After the physical removal of the chassis is completed, the configuration for that
chassis is removed from Cisco Intersight.
If you need to add a chassis, which was earlier removed, back to the Cisco Intersight configuration, it
must be reconnected and then rediscovered. During rediscovery Cisco Intersight will assign the chassis
a new ID that may be different from ID that it was assigned earlier.
• Recommission—Recommissioning a chassis brings the chassis and IOM back online and initiates the
chassis discovery process and then the chassis inventory process. After this action is complete, you can
access the chassis and any servers in it.
A list of decommissioned chassis is available in the Devices area under Fabric Interconnects > Fabric
Interconnect Name > Connections > Decommissioned.
FEX Actions
From the left navigation panel, click Fabric Interconnects > Fabric Interconnect Name > Connections >
Fabric Extenders for the FEX table view. You can perform the following operations to manage one or more
FEX.
FEX Actions
• Decommission—Decommissioning is performed when a FEX is physically present and connected, but
you want to temporarily remove it from the Cisco Intersight configuration. This action takes the FEX
offline and removes the FEX inventory. Because it is expected that a decommissioned FEX will be
eventually recommissioned, a portion of the FEX information is retained by Cisco Intersight.
• Remove—Removing a FEX involves physically removing a FEX from the system. After the physical
removal of the FEX is completed, the configuration for that FEX is removed from Cisco Intersight.
To add a removed FEX back to the Cisco Intersight configuration, it must be reconnected to server ports
that are configured on the Fabric Interconnect. The FEX is automatically discovered. During discovery
Cisco Intersight will assign the FEX a new ID that may be different from ID that it was assigned earlier.
• Recommission—Recommissioning a FEX brings the FEX back online, initiates the FEX discovery
process and then the FEX inventory process. After this action is complete, you can access the FEX.
A list of decommissioned FEX is available in the Devices area under Fabric Interconnects > Fabric
Interconnect Name > Connections > Decommissioned.
• Turn On Locator—Turn on the LED Locator on the selected FEX. Locators are indicators that help
direct administrators to specific nodes in large data center environments.
• Turn Off Locator—Turn off the LED Locator on the selected FEX. Locators are indicators that help
direct administrators to specific nodes in large data center environments.
The Properties area provides a graphical representation of the front and rear view of the chassis, the health
overlay for the chassis, and an overview of the hardware properties of the chassis and its components.
The Alarms area in Cisco Intersight provides fault monitoring capabilities to track and set up alarms for all
managed UCS systems. An alarm alerts you about a failure in the endpoint (a fault) or a threshold that has
been raised.
Note In the Cisco UCS X-series chassis, each Intelligent Fabric Module
(IFM) contains fan modules. When you click a fan module, you can
view the properties and operational state of the fans.
• XFM Modules—You can see a summary of the X-Fabric Modules (XFM) in the chassis. Each XFM
contains fan modules. When you click a fan module, you can view the properties and operational state
of the fans.
Note The XFM slots are present only in the Cisco UCS X-series chassis.
• Fan Modules—You can see a summary of the fan modules in the chassis. When you click a specific fan
module, you can view the list of fans on the fan module, properties, and graphical view of that fan module.
• PSUs—You can see a summary of the Power Supply Units (PSUs) in the chassis. When you click a
specific PSU, you can view the properties and graphical view of that PSU.
• Servers—You can see a summary of the servers in the chassis, including details such as their health,
model, and serial number.
• Tags—The existing tags for the Fabric Extender. You can add new tags, or modify the existing ones
from Manage tags.
• Network
• Switches—Displays the details of the Fabric Interconnects that are connected to the FEX. These
details are Name, Health, Model, Vendor, and Serial.
Server Actions
The server actions enable you to manage the server. In Cisco Intersight, when you click on Servers, the Servers
Table view is displayed. In Servers Table view page, click the Ellipsis (…) icon to perform server actions.
Server Actions: You can perform the following operations to manage a server:
• Power
• Power On—Turns on the power of the server.
• Power Off—Turns off the power of the server.
• Power Cycle—Turns off and on for the server.
• Hard Reset—Reboots the server.
• Shut Down OS—Shuts down the server if supported by an operating system.
• System
• Turn On Locator—Turns on the LED Locator.
• Turn Off Locator—Turns off the LED Locator.
• Reset CMOS—Resets the BIOS configuration settings to the original state hence helps in recovery
when the server is not in a healthy state. The option to reset CMOS appears only when the server
is powered off. For the reset to complete, the server must be powered on. There is an additional
option to power on the server using the toggle button present in the Reset CMOS confirmation
window.
• Lock Front Panel—Locks the physical power button on the server. For a server that already has
the front panel locked, this option appears as Unlock Front Panel.
• Set License Tier—Update the server to a new license tier. Updating license tier is not allowed on server(s)
with an associated server profile. To move the license to another tier, unassign the profile from one or
more selected servers and try again.
• System
• Turn On Locator—Turn on the LED Locator.
• Turn Off Locator—Turn off the LED Locator.
• Reset CMOS—Resets the BIOS configuration settings to the original state hence helps in recovery
when the server is not in a healthy state. The option to reset CMOS appears only when the server
is powered off. For the reset to complete, the server must be powered on. There is an additional
option to power on the server using the toggle button present in the Reset CMOS confirmation
window.
• Lock Front Panel—Locks the physical power button on the server. For a server that already has
the front panel locked, this option appears as Unlock Front Panel.
• Install Operating System—Perform an unattended OS installation on one or more Cisco UCS C-Series
Standalone servers from your centralized data center through a simple process.
• Upgrade Firmware—Perform a firmware upgrade.
• Set License Tier—Update one or more servers to a new license tier. Updating license tier is not allowed
on server(s) with an associated server profile. To move the license to another tier, unassign the profile
from one or more selected servers and try again.
• Import Foreign Configurations—Imports the virtual drives and adds them to the RAID controller
configuration.
• Clear Foreign Configurations—Clears or erases all the data stored on the physical drives or the
virtual drives.
• TPM—Trusted Platform Module (TPM) enables protection to data and hardware components of the
claimed server. TPM also enables you to view the state of the key identifiers and a summary of hardware
details.
You can view the following components of TPM:
• Key identifiers
• Activation Status
• Enabled State
• Hardware
• Ownership
Note This property can be viewed only for TPM 1.2 version.
• Version
• Model
• Vendor
• Serial
• Firmware Version
Note This property can be viewed only for TPM 2.0 version.
Tools, and for instructions on how to use the OS Discovery Tool, see Compliance with Hardware Compatibility
List (HCL) in Resources.
Important • Cisco Intersight supports attaching one port policy per UCS Domain profile.
• Policies that are attached to a UCS Domain profile can be created ahead of creating a profile or during
the creation of the profile.
• Policies that are attached to a UCS Domain and the global policies of all UCS Domain Profiles associated
with a specific UCS Domain are shared.
Step 1 Log in to Cisco Intersight with your Cisco ID and select admin role.
Step 2 Navigate to Service Profiles > UCS Domain Profiles tab, and click Create UCS Domain Profile.
Step 3 On the General page, enter a name for your profile. Optionally, include a short description and tag information to help
identify the profile. Tags must be in the key:value format. For example, Org: IT or Site: APJ.
Step 4 On the UCS Domain Assignment page, assign a switch pair to the Domain profile. You can also click Assign Later
and assign a switch pair to the Domain profile at a later time.
Step 5 Click Next.
Step 6 On the Ports Configuration page, attach a port policy for each switch to the UCS Domain Profile and click Next.
Step 7 On the VLAN & VSAN Configuration page, attach VLAN and VSAN policies for each switch to the UCS Domain
Profile and click Next.
Step 8 On the UCS Domain Configuration page, attach the required compute and management policies to the UCS Domain
Profile and click Next.
Note: In this step, it is mandatory to create and attach the Switch Control Policy to enable VLAN port count optimization.
Step 9 On the Summary page, verify the details of the UCS Domain Profile and the policies attached to it.
Step 10 Click Deploy to deploy the UCS Domain Profile to the assigned Fabric Interconnect Domain.
Last Update The date and time that the UCS Domain Profile
was last updated.
• View the Policies that are attached to the UCS Domain profile. The Policies pane displays details of the
Ports, VLAN and VSAN, and UCS Domain Configuration. A graphical representation of the ports
configuration on the Fabric Interconnects, including port roles and port channels and a list of associated
policies is displayed. The VLAN, VSAN, and UCS Domain Configuration lists the Domain policies
associated with the selected Domain profile.
Server Profiles
In Cisco Intersight, a Server Profile enables resource management by streamlining policy alignment, and
server configuration. You can create Server Profiles using the Server Profile wizard or you can import the
configuration details of C-series servers in standalone mode and FI-attached servers in Intersight Managed
Mode (IMM), directly from Cisco IMC. You can create Server Profiles using the Server Profile wizard to
provision servers, create policies to ensure smooth deployment of servers, and eliminate failures that are
caused by inconsistent configuration. The Server Profiles wizard groups the server policies into the following
four categories to provide a quick Summary View of the policies that are attached to a profile:
• Compute Policies—BIOS, Boot Order, and Virtual Media.
• Network Policies—Adapter Configuration, iSCSI Boot, LAN Connectivity, and SAN Connectivity
policies.
• The LAN Connectivity policy requires you to create Ethernet Network Policy, Ethernet Adapter
Policy, and Ethernet QoS Policy. When you attach a LAN Connectivity policy to a server profile,
the addresses of the MAC address Pool, or the static MAC address, are automatically assigned.
Note A LAN Connectivity policy that has a static MAC address can
be attached to only one server profile.
• The SAN Connectivity policy requires you to create Fibre Channel Network Policy, Fibre Channel
Adapter Policy, and Fiber Channel QoS Policy. When you attach a SAN Connectivity policy to a
server profile, the addresses of the WWPN and WWNN Pools, or the static WWPN and WWNN
addresses, are automatically assigned.
For more information and descriptions of the policies, see the Server Policies section. For an example of the
policy creation workflow, see Creating Network Policies.
After creating Server Profiles, you can edit, clone, deploy, attach to a template, create a template, detach from
template, or unassign them as required. From the Server Profiles table view, you can select a profile to view
details in the Server Profiles Details view.
• A server profile can be used to create a template. This template can then be used to create multiple profiles
with same configurations and deployed on multiple servers.
• While template creation, if you toggle ON the Attach UCS Server Profile to Profile Template button,
the selected profile gets attached to the template under creation.
If you keep the toggle button OFF, the selected profile's properties are carried to the template but the
profile does not get attached to it.
• A server profile can be attached to an existing template. This attachment overrides the config properties
of the profile and replaces them with the template properties.
• A server profile attached to a template cannot be modified. The modifications can be done in the associated
template.
• A server profile can be detached from a template and modified as per the requirements.
• A detached server profile can always be reattached to a template.
The Server Profile List View displays the Name, Status, Target Platform, UCS Server Template, Server,
Last Update timestamp of the policy deployment to reflect the edits to the profile, attached template, or the
referenced policies.
Clicking on a profile redirects to the Server Profile Details View that displays the configuration details of
the policies attached to the profile.
The Status of the profiles can have any of the following values:
• Not Deployed—Policies are assigned but not deployed to the Server Profile.
• Not Assigned—Policies are not assigned to the Server Profile.
Note • Once you deploy policies to the Server Profile, the status changes
automatically from Not Assigned to the new status depending
on the outcome. You may need to Refresh your screen to view
the updated status.
• You must do the Power Cycle/Power ON after each profile
deployment.
Last Deployed Settings Displays the latest policy settings deployed on the
server profile.
To move the Server Profile status back to OK, you can either redeploy the profile or change the values at the
endpoint. You can use the Device Connector Policy in Intersight to control configuration changes allowed
from Cisco IMC. In the Device Connector Policy, choose Configuration from Intersight only to stop allowing
configuration changes from Cisco IMC directly.
Limitations of Server Profile Drift
Configuration changes at the endpoint will not be detected for the following policies under these specific
conditions:
Boot Order Policy If the Power Cycle is not done after every deployment.
Local User, SNMP, LDAP, and IPMI over LAN If there are changes to the Password at the endpoint.
Policy
Virtual Media policy If there are changes to the Password, Mount Options,
or Authentication Protocols at the endpoint.
IPMI over LAN policy 'Privilege Level’ field will not be considered.
Network Connectivity Policy ‘Preferred IPv6 DNS Server’ and ‘Alternate IPv6
DNS Server’ fields in the policy will not be
considered. Server Profile may move to Out of Sync
status temporarily.
Adapter Configuration Policy This policy will not be considered for drift calculation.
IMC Access Policy If both In-Band IPv6 and IPv4 configurations are
available, the IPv6 DNS configuration is prioritized.
Note A partially imported server profile cannot be attached to a template or cannot be used for creating a template.
For more information on how to import a Server Profile Import and about the detection of manual configuration
changes at the endpoint, see Importing a Server Profile in Resources.
Note A Server profile can also be derived from Server Profile Templates. For more details, see Server Profile
Templates
Step 1 Log in to Cisco Intersight with your Cisco ID and select admin role.
Step 2 Navigate to Service Profiles > UCS Server Profiles tab, and click Create UCS Server Profile.
Step 3 On the General page, enter the following information:
a) Name of your server profile.
b) Target Platform for which the profile is applicable. This can be Standalone servers or FI Attached servers.
A UCS server profile created for Standalone servers cannot be deployed on FI Attached servers. Similarly, a UCS
server profile created for FI Attached servers cannot be deployed on Standalone servers.
c) (Optional) Tag for the profile. Tags must be in the key:value format. For example, Org: IT or Site: APJ.
d) (Optional) Description to help identify the profile.
Step 4 On the Server Assignment page, assign a server to the server profile. You can choose any of the following options for
the server assignment:
• Assign Now—Use this option for an immediate assignation of a server to the server profile.
• Assign Server from a Resource Pool—Use this option to assign a server from a resource pool to the server
profile.
• Assign Later—Use this option to assign a server to the server profile at a later time.
The server assignment table displays list of servers or resource pools and their details. You can use any of the following
options:
• Show All to view all the servers or resource pool currently present
• Show Selected to view the current server or resource pool selected
• Unselect to remove the selection.
c) Click Next.
Step 7 On the Management page, attach the required policies to the UCS Server Profile and click Next.
Step 8 On the Storage page, attach the required policies to the UCS Server Profile and click Next.
Step 9 On the Network Configuration page, attach the required policies to the UCS Server Profile and click Next.
Step 10 On the Summary page, verify the details of the UCS Server Profile and the policies attached to it.
Step 11 Click Deploy to create the UCS Server Profile and deploy it to the assigned server.
Note • For the Assign Server from a Resource Pool assignment type, if a resource is not available in the
resource pool, the status of the Server Profile changes to Waiting for Resources . When a server is
added to the resource pool at a later time, the server gets automatically added to the server profile from
the Waiting for Resources status.
• Resource pool does not support dynamic selection of server. You can manually assign servers to a
resource pool and can continue with the automated server profile assignment.
• For more information on creating a resource pool and viewing the resource pool details, see Resource
Pools.
• For more information on creating a UUID pool and viewing the UUID pool details, see UUID Pools.
Note This action can be performed on a server profile that has servers
assigned to it.
• Unassign—Unassign the UCS Server profile from the Fabric Interconnect pair.
Note This action can be performed on a server profile that has servers
assigned to it.
• Create a template—Create a new template using the properties of the server profile.
• Detach from template—Detach the server profile from a template and modify its properties.
Last Update The date and time that the UCS Server profile was
last updated.
Displays the policies associated with the server profile. Click on the policy name to view details of the
associated policy.
If you make changes to a policy attached to a Server Profile after it is deployed, or add a new policy to
the profile, the Server Profile Table view displays Not Deployed Changes to reflect the edits to the profile
or the referenced policies. The Server Profile Detail view highlights the referenced policies, and the View
Changes window allows you to view the actual changes. You can also view the Configuration details
from the Service Profiles table view.
• View the assigned server and its properties in the Server tab.
• View the inventory of the assigned server in the Inventory tab.
Important • The chassis profile feature is available in Cisco Intersight only if:
• You have installed the Cisco Intersight Essentials License.
• You are either an Account Administrator or Server Administrator.
• Policies that are attached to a chassis profile can be created ahead of creating a profile or during the
creation of the profile.
• If chassis polices are changed after deployment, the chassis profile will be set in Pending Changes state
and you must manually re-associate the changed policies to chassis.
• Chassis policies will be applied to both the input/output modules (IOMs) in a chassis. The chassis policies
association workflow will get failed even if the policy cannot be applied to one of the IOMs.
Step 1 Log in to Cisco Intersight with your Cisco ID and select admin role.
Step 2 Navigate to Profiles > Chassis Profiles tab and click Create UCS Chassis Profile.
Step 3 On the General page, select the organization and enter a name for your profile. Optionally, include a short description
and tag information to help identify the profile. Tags must be in the key:value format. For example, Org: IT or Site: APJ.
Step 4 On the Chassis Assignment page, assign a chassis to the Chassis Profile. You can also click Assign Later and assign
a chassis to the chassis profile later.
Step 5 Click Next.
Step 6 On the Chassis Configuration page, attach the required policies and click Next.
Step 7 On the Summary page, verify the details of the UCS Chassis Profile and the policies attached to it.
Step 8 Click Deploy to deploy the UCS Chassis Profile to the assigned Fabric Interconnect.
• Status—The status of deploying the Chassis profile on a Fabric Interconnect pair, such as:
• OK
• Not Assigned
• Not Deployed
• Failed
• Not Deployed Changes
Domain Policies
Domain policies in Cisco Intersight allow you to configure various parameters for UCS Fabric Interconnects,
including port configuration, network control settings, and VLAN and VSAN settings. A domain policy can
be assigned to any number of domain profiles to provide a configuration baseline. Domain policies in Cisco
Intersight are a new feature, and native to the application. Policy-based configuration with Domain Profiles
is a Cisco Intersight Essentials feature, and is supported on Cisco UCS B and C-Series M5 and M6 servers,
and Cisco UCS X-Series M6 servers that are in a UCS Domain.
The Domain Policy creation wizard in Cisco Intersight has two pages:
• General—The general page allows you to select the organization and enter a name for your policy.
Optionally, include a short description and tag information to help identify the policy. Tags must be in
the key:value format. For example, Org:IT or Site APJ
• Policy Details—The policy details page has properties that are applicable to UCS Domain Policies.
The following list describes the domain policies that you can configure in Cisco Intersight.
• Port Policy—Configures the ports and port roles for the Fabric Interconnect. Each Fabric Interconnect
has a set of ports in a fixed port module that you can configure. You can enable or disable a port or a
port channel.
The port policy is associated with a switch model. The network configuration limits also vary with the
switch model.
The maximum number of ports and port channels supported are:
• Ethernet Uplink, Fibre Channel over Ethernet (FCoE) Uplink port channels, and Appliance port
channels (combined)—12
• Ethernet Uplink ports per port channel—16
• FCoE Uplink ports per port channel—16
• Ethernet Uplink and FCoE Uplink ports (combined)—31
• Server ports—54 ports for Cisco UCS 6454 and 108 ports for Cisco UCS 64108 Fabric Interconnects
• Ethernet Network Control Policy—Configures the network control settings for appliance ports, port
channels, or vNICS.
• Ethernet Network Group Policy—Configures the allowed VLANs and native VLAN for appliance
ports, port channels or vNICs.
• VLAN Configuration Policy—Creates a connection to a specific external LAN.
• VSAN Configuration Policy—Partitions the Fibre Channel fabric into one or more zones. Each zone
defines the set of Fibre Channel initiators and Fibre Channel targets that can communicate with each
other in a VSAN.
• NTP Policy—Enables the NTP service to configure a UCS system that is managed by Cisco Intersight
to synchronize the time with an NTP server. You must enable and configure the NTP service by specifying
the IP/DNS address of at least one server or a maximum of four servers that function as NTP servers.
When you enable the NTP service, Cisco Intersight configures the NTP details on the endpoint. For more
information, see Creating an NTP policy.
• Network Connectivity Policy—Specifies the DNS Domain settings that are used to add or update the
resource records on the DNS server from the endpoints, and the DNS server settings for IPv4 and IPv6
on an endpoint.
• System QoS Policy (Preview)—Implements network traffic prioritization based on the importance of
the connected network by assigning system classes for individual vNICs. Intersight uses Data Center
Ethernet (DCE) to handle all traffic inside a Cisco UCS domain. This industry standard enhancement to
Ethernet divides the bandwidth of the Ethernet pipe into eight virtual lanes. Two virtual lanes are reserved
for internal system and management traffic. You can configure quality of service (QoS) for the other six
virtual lanes. System classes determine how the DCE bandwidth in these six virtual lanes is allocated
across the entire Cisco UCS domain.
Each system class reserves a specific segment of the bandwidth for a specific type of traffic, which
provides a level of traffic management, even in an oversubscribed system. For example, you can configure
the Fibre Channel Priority system class to determine the percentage of DCE bandwidth allocated to
FCoE traffic. The configuration setup validates each input on the system class to prevent duplicate or
invalid entries.
This feature is in preview and is not meant for use in your production environment. Cisco recommends
that you use this feature on a test network or system.
The following list describes the system classes that you can configure.
• Platinum, Gold, Silver, and Bronze—A configurable set of system classes that you can include in
the QoS policy for a service profile. Each system class manages one lane of traffic. All properties
of these system classes are available for you to assign custom settings and policies.
• Best Effort—A system class that sets the quality of service for the lane reserved for basic Ethernet
traffic. Some properties of this system class are preset and cannot be modified. For example, this
class has a drop policy that allows it to drop data packets if required. You cannot disable this system
class.
• Fibre Channel—A system class that sets the quality of service for the lane reserved for Fibre Channel
over Ethernet traffic. Some properties of this system class are preset and cannot be modified. For
example, this class has a no-drop policy that ensures it never drops data packets. You cannot disable
this system class.
• Multicast Policy (Preview)—Configures Internet Group Management Protocol (IGMP) snooping and
IGMP querier. IGMP Snooping dynamically determines hosts in a VLAN that should be included in
multicast transmissions.
You can create, modify, and delete a multicast policy that can be associated to one or more VLANs.
When a multicast policy is modified, all VLANs associated with that multicast policy are re-processed
to apply the changes. By default, IGMP snooping is enabled and IGMP querier is disabled. On enabling
IGMP querier, you can configure the IPv4 addresses for the local and peer IGMP snooping querier
interfaces.
• Simple Network Management Protocol (SNMP) Policy—Configures the SNMP settings for sending
fault and alert information by SNMP traps from the managed devices. Any existing SNMP Users or
SNMP Traps configured previously on the managed devices are removed and replaced with users or
traps that you configure in this policy.
• Syslog Policy—Enables to configure the local logging and remote logging (minimum severity) for an
endpoint. This policy also provides configuration support to store the syslog messages in the local file
and the remote syslog server.
• Switch Control Policy (Preview)—Enables to configure and manage multiple network operations on
the Fabric Interconnects (FI) that include:
• Port Count Optimization—If the VLAN port count optimization is enabled, the Virtual Port (VP)
groups are configured on the Fabric Interconnect (FI) and if VLAN port count optimization is
disabled, the configured VP groups are removed from the FI.
• MAC Aging Time—Allows to set the MAC aging time for the MAC address table entries. The
MAC aging time specifies the time before a MAC entry expires and discards the entry from the
MAC address table.
• Link Control Global Settings—Enables configurations of message interval time in seconds and
allows to reset the recovery action of an error-disabled port.
• Flow Control Policy—Enables configurations for Priority Flow Control for ports and port channels.
• Link Control Policy—Enables configurations of Link Control administrative state and configuration
(normal or aggressive) mode for ports.
• Link Aggregation Policy— Enables to configure Link Aggregation properties. Link Aggregation
combines multiple network connections in parallel to increase throughput and to provide redundancy.
Switch Model Select any one of the following two switch models:
• Cisco UCS 64108 Fabric Interconnect
• Cisco UCS 6454 Fabric Interconnect
Note The switch models provide different
network configuration capabilities
to the policy. The switch model
cannot be changed once the policy
is created.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Unified Ports
By default, all the unconfigured ports are Ethernet ports. Use the blue slider to select and configure the
ports. The selected ports are highlighted in blue.
Fibre Channel (FC) Displays the port range selected for Fibre Channel.
Port Roles
To configure, click on the ports within the switch. For multiple ports, hold the Shift key and the selected
ports display in blue and the port numbers appear under Selected Ports above the switch image.
Priority Select the priority of the port for routing traffic and
ensuring QoS.
Ethernet Network Group Select the Ethernet Network Group policy that is to
be attached to the ethernet uplink or appliance port.
The Ethernet Network Group policy specifies the
Allowed VLANs and the Native VLAN.
Note Ethernet Network Group policy applies
only for ports with ethernet uplink and
appliance roles.
Ethernet Network Control Select the Ethernet Network Control policy that is
to be attached to the appliance port. The Ethernet
Network Control policy allows you to enable or
disable CDP, specify the MAC Register Mode, the
action to be taken on uplink fail, the MAC security
details and LLDP details.
Note Ethernet Network Control policy applies
only for a port with an appliance role.
Port Channels
Select the ports for configuration either by clicking on the ports within the graphic image or in the box
next to the desired port within the table.
Role The port channel role type. The role type can be:
• Ethernet Uplink Port Channel
• FC Uplink Port Channel
• FCoE Uplink Port Channel
• Appliance Port Channel
Ethernet Network Group Select the Ethernet Network Group policy that is to
be attached to the ethernet uplink or appliance port
channel. The Ethernet Network Group policy
specifies the Allowed VLANs and the Native
VLAN.
Note Ethernet Network Group policy applies
to port channels with ethernet uplink and
appliance roles.
Ethernet Network Control Select the Ethernet Network Control policy that is
to be attached to the appliance port channel. The
Ethernet Network Control policy allows you to
enable or disable CDP, specify the MAC Register
Mode, the action to be taken on uplink fail, the
MAC security details and LLDP details.
Note Ethernet Network Control policy applies
only for a port channel with an appliance
role.
Port Channel Select the valid port channel range between 1 and
256.
3. Click Create.
Set Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Allowed VLANs IDs of the allowed VLANs for the interface. Enter
the VLAN IDs, or VLAN ranges as a
comma-separated list. For example, 1-10, 15.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
3. Click Create.
Note Ensure that each VLAN is associated with a multicast policy. You can edit the existing VLANs and associate
them to a multicast policy.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
2. On the Policy Details page, click Add VLAN and configure the following policy details:
Note The maximum number of VLANs allowed per Ethernet Network Policy is 3000.
3. Click Add.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
When a hostname is used for NTP configuration, DNS server information must be configured in the
Network Connectivity policy.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Dynamic DNS Update Domain Specify the dynamic DNS Domain. The Domain
can be either a main Domain or a sub-Domain.
This property is not applicable to Fabric
Interconnects.
IPv4 Properties
Obtain IPv4 DNS Server Addresses from DHCP Whether the IPv4 addresses are obtained from
Dynamic Host Configuration Protocol (DHCP) or
from a specifically configured set of DNS servers.
• Enabled—Intersight uses DHCP
• Disabled—Intersight uses a configured set of
IPv4 DNS servers.
Preferred IPv4 DNS Server The IP address of the primary DNS server. This
property is displayed only when Obtain IPv4 DNS
Server Addresses from DHCP is disabled.
Alternate IPv4 DNS Server The IP address of the secondary DNS server. This
property is displayed only when Obtain IPv4 DNS
Server Addresses from DHCP is disabled.
IPv6 Properties
Obtain IPv6 DNS Server Addresses from DHCP Whether the IPv6 addresses are obtained from
Dynamic Host Configuration Protocol (DHCP) or
from a specifically configured set of DNS servers.
• Enabled—Intersight uses DHCP
• Disabled—Intersight uses a configured set of
IPv6 DNS servers.
Preferred IPv6 DNS Server The IP address of the primary DNS server. This
property is displayed only when Obtain IPv6 DNS
Server Addresses from DHCP is disabled.
Alternate IPv6 DNS Server The IP address of the secondary DNS server. This
property is displayed only when Obtain IPv6 DNS
Server Addresses from DHCP is disabled.
3. Click Create.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Trap Community String Enter the SNMP community group name used for
sending SNMP trap to other devices.
Note This field is applicable only for
SNMPv2c trap host or destination.
SNMP Users
Privacy Type Select AES as the privacy protocol for the user.
Note The DES privacy type is deprecated to
meet security standards.
Privacy Password Confirmation Enter the privacy password confirmation for the
user.
User Select the SNMP user for the trap. You can define
maximum of 15 trap users.
Note This field is applicable only to SNMPv3.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Allow Packet Drops You can select to allow the packet drop for this
system class during transmission.
This field is always selected for the Best Effort
class, which allows dropped packets, and always
not selected for the Fibre Channel class, which
never allows dropped packets.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Local Logging
Minimum Severity to Report Select the lowest severity level to report in the
remote log. The severity levels are:
• Warning
• Emergency
• Alert
• Critical
• Error
• Notice
• Informational
• Debug
Minimum Severity To Report Select the lowest severity level to report in the
remote log. The severity levels are:
• Warning
• Emergency
• Alert
• Critical
• Error
• Notice
• Informational
• Debug
3. Click Create.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Switching Mode
Enable VLAN Port Count Optimization Select to enable the VLAN port count optimization.
This option is disabled by default.
Aging Time (Seconds) Define the MAC address aging time in seconds.
This field is valid only when the Custom option is
selected.
Message Interval Enter the time interval between two Link Control
probe messages on ports that are in advertisement
mode and are bidirectional. Valid values are from
7 to 90 seconds.
3. Click Create
.
Note On the Policy Details page, all the existing Switch Control policies show the value of Link Control Global
Settings fields as blank. These policies display the correct values on policy edit/update.
Note When you change the switching mode of a Fabric Interconnect, the Fabric Interconnect goes for a reboot.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Auto Auto receives and sends the priority flow. This field
is enabled by default.
Note Flow Control should be enabled only on interfaces that are connected to Flow Control capable
devices. The following interface types are supported:
• Ethernet uplink ports and port channels
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Suspend Individual
LACP Rate
Note Link Aggregation should be enabled only on interfaces that are connected to link aggregation
capable devices. The following interface types are supported:
• Ethernet uplink port channel
• FCoE uplink port channel
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Note Link Control policy should be enabled only on interfaces that are connected to link control capable
devices. The following interface types are supported:
• Ethernet uplink ports
• FCoE uplink ports
• Ethernet uplink port channels
• FCoE uplink port channels
3. Click Create.
Note Ensure that each VLAN is associated with a multicast policy. You can edit the existing VLANs and associate
them to a multicast policy.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Querier IP Address The IPv4 address for the IGMP snooping querier
interface.
This field appears only when Querier State is
enabled.
Querier IP Address Peer (Optional) The IPv4 address for the peer IGMP
snooping querier interface. The peer IP address is
assigned to FI-B.
This field appears only when Querier State is
enabled.
3. Click Create.
Server Policies
Policies in Cisco Intersight provide different configurations for UCS servers, including BIOS settings, firmware
versions, disk group creation, Simple Mail Transfer Protocol (SMTP), Intelligent Platform Management
Interface (IPMI) settings, and more. A policy that is once configured can be assigned to any number of servers
to provide a configuration baseline. Policies in Cisco Intersight are native to the application and are not directly
imported from the UCS Systems. Policy-based configuration with Server Profiles is a Cisco Intersight Essentials
functionality.
The Server Policy creation wizard in Cisco Intersight has two pages:
• General—The general page allows you to select the organization and enter a name for your policy.
Optionally, include a short description and tag information to help identify the policy. Tags must be in
the key:value format. For example, Org: IT or Site: APJ.
• Policy Details—The policy details page has properties that are applicable to standalone UCS servers,
FI-attached UCS servers, or both. You can view these properties separately for All Platforms, UCS
Servers (Standalone), and UCS Servers (FI-Attached) Preview by clicking on these options.
Server Policies can be imported as part of importing configuration details (server profiles and policies) of a
Cisco C-Series Standalone server from Cisco IMC. For more information, see Importing a Server Profile.
The following list describes the server policies that you can configure in Cisco Intersight.
• Adapter Configuration Policy—Configures the Ethernet and Fibre-Channel settings for the VIC adapter.
• BIOS Policy—Automates the configuration of BIOS settings on the managed devices. You can create
one or more BIOS policies which contain a specific grouping of BIOS settings. If you do not specify a
BIOS policy for a server, the BIOS settings remain as they are. If a BIOS policy is specified, the values
that are specified in the policy replace any previously configured values on a server (including bare metal
server configuration settings). To apply the BIOS policy settings, you must reboot the server.
• Boot Order Policy—Configures the linear ordering of devices and enables you to change the boot order
and boot mode. You can also add multiple devices under various device types, rearrange the boot order,
and set parameters for each boot device type.
The inventory view enables you to view the actual boot order configured on a server. The boot order
displays the details that include device name, device type, configuration details such as Boot Mode
(Legacy or UEFI), and Secure Boot Mode (Enabled or Disabled).
Note A device configured in the server profile of Boot Order Policy may
not appear in the actual boot order, if the server BIOS does not detect
the device during server boot.
Intersight provides a One-Time Boot (OTB) option to set a boot device that temporarily overrides the
Boot Order Policy and the existing boot order. To set a One-Time Boot Device, select Power Cycle or
Power On from the Servers Table view or from the Server Details page and toggle ON the Set One
Time Boot Device Option. This operation attempts to boot from the One Time Boot device as part of
the power cycle or power on action. After power cycle or power on, OTB configuration will be cleared
to enable the next reboot to follow the default Boot Order.
Note • The OTB option is available for servers that have been
configured with a Boot Order Policy that is associated with a
server profile. For a successful OTB configuration, you must
deploy a server profile with a Boot Order Policy in Intersight
in advance.
• Any out-of-band- boot order change will not reflect on the
Intersight UI for OTB device configuration.
In the case of PXE Boot configuration, importing the server policy will not create the PXE device under
boot policy if either the MAC address or both the slot and port are not present for a given PXE device
under the Boot policy on the server. However, if both slot and port are present, boot order is set to ANY
for the bootable interface on a given slot on the server. For non-VIC adapters you can configure PXE
Boot with the MAC address, or both the slot and port, or slot only.
In the case of SAN Boot device configuration in the legacy mode, provide the boot target Logical Unit
Number (LUN), device slot ID, interface name, and target WWPN. For SAN Boot device configuration
in the Unified Extensible Firmware Interface (UEFI) mode, provide the bootloader name, description,
and path in addition to the fields listed in the legacy mode.
In the case of iSCSI Boot provide the target interface details, authentication mechanism, and initiator
IP source.
• In the case of Non-Volatile Memory Express (NVMe) Boot, configure the NVMe drive as bootable in
the UEFI mode. During the server profile depoloyment, this NVMe configuration setting enables selecting
the BIOS in a defined order.
• Certificate Management Policy—Allows you to specify the certificate and private key-pair details for
an external certificate.
• Device Connector Policy—Lets you choose the Configuration from Intersight only option to control
configuration changes allowed from Cisco IMC. The Configuration from Intersight only option is
enabled by default. You will observe the following changes when you deploy the Device Connector
policy in Intersight:
• Validation tasks will fail:
• If Intersight Read-only mode is enabled, firmware upgrades will be successful only when performed
from Intersight. Firmware upgrade performed locally from Cisco IMC will fail.
• IPMI over LAN privileges will be reset to read-only level if Configuration from Intersight only
is enabled through the Device Connector policy, or if the same configuration is enabled in the Device
Connector in Cisco IMC.
Atention The Device Connector Policy will not be imported as part of the
Server Profile Import.
• Ethernet Adapter Policy—Governs the host-side behavior of the adapter, including how the adapter
handles traffic. For each VIC Virtual Ethernet Interface, you can configure various features such as
VXLAN, NVGRE, ARFS, Interrupt settings, and TCP Offload settings.
This policy includes the recommended default configurations for the supported server operating systems.
The policy supports 16 default configurations. During the policy creation, you can select and import a
default configuration.
Note You cannot modify the default configurations. However, the policy
that has the imported default configuration can be modified.
• Ethernet Network Policy—Determines if the port can carry single VLAN(Access) or multiple
VLANs(Trunk) traffic. You can specify the VLAN to be associated with an Ethernet packet if no tag is
found.
• Ethernet Network Control Policy—Configures the network control settings for the appliance ports,
port channels, or vNICs.
• Ethernet Network Group Policy—Configures the allowed VLAN and native VLAN for the appliance
ports, port channels, or vNICs.
• Ethernet QoS Policy—Assigns a system class to the outgoing traffic for a vNIC. This system class
determines the quality of service for the outgoing traffic. For certain adapters, you can also specify
additional controls like burst and rate on the outgoing traffic.
• Fibre Channel Adapter Policy—Governs the host-side behavior of the adapter, including how the
adapter handles traffic. You can enable FCP Error Recovery, change the default settings of Queues, and
Interrupt handling for performance enhancement.
This policy includes the recommended default configurations for the supported server operating systems.
The policy supports nine default configurations. During the policy creation, you can select and import a
default configuration.
Note You cannot modify the default configurations. However, the policy
that has the imported default configuration can be modified.
• Fibre Channel Network Policy—Governs the VSAN configuration for the virtual interfaces.
• Fibre Channel QoS Policy—Assigns a system class to the outgoing traffic for a vHBA. This system
class determines the quality of service for the outgoing traffic. For certain adapters, you can also specify
additional controls like burst and rate on the outgoing traffic.
• IPMI over LAN Policy—Defines the protocols for interfacing with a service processor that is embedded
in a server platform. The IPMI enables an operating system to obtain information about the system health
and control system hardware and directs the BMC to perform appropriate actions to address a problem.
You can create an IPMI Over LAN policy to manage the IPMI messages through Cisco Intersight. You
can assign these user roles to an IPMI user per session:
Important The encryption key to use for IPMI communication should have an
even number of hexadecimal characters and not exceed 40 characters.
• admin—IPMI users can perform all available actions. If you select this option, IPMI users with the
"Administrator" user role can create admin, user, and read-only sessions on this server.
• read-only—Can view information but cannot make any changes. IPMI users with the "Administrator",
"Operator", or "User" user roles can only create read-only IPMI sessions, regardless of their other
IPMI privileges.
• user—IPMI users can perform some functions but cannot perform administrative tasks. If you select
this option, IPMI users with the "Administrator" or "Operator" user role can create user and read-only
sessions on this server.
• LAN Connectivity Policy—Determines the connections and the network communication resources
between the server and the LAN on the network. You must create the Ethernet Adapter, Ethernet QoS,
and Ethernet Network policies as part of the LAN connectivity policy. For IMM servers, use a MAC
pool, or static MAC addresses, to assign MAC addresses to servers and to identify the vNICs that the
servers use to communicate with the network. For more information about creating Network Policies,
see Creating Network Policies.
• LDAP Policy—Specifies the LDAP configuration settings and preferences for an endpoint. The endpoints
support LDAP to store and maintain directory information in a network. The LDAP policy determines
configuration settings for LDAP Servers, DNS parameters including options to obtain a domain name
used for the DNS SRV request, Binding methods, Search parameters, and Group Authorization preferences.
Through an LDAP policy, you can also create multiple LDAP groups and add them to the LDAP server
database.
• Local User Policy—Automates the configuration of local user preferences. You can create one or more
Local User policies which contain a list of local users that need to be configured.
• Persistent Memory Policy—Persistent Memory Modules (PMem Modules) are non-volatile memory
modules that bring together the low latency of memory and the persistence of storage. PMem Modules
provide faster access to data and retain across power cycles, based on the mode. Intersight supports the
configuration of Intel® Optane™ PMem Module modules on the UCS M5 servers that are based on the
Second Generation Intel® Xeon® Scalable processors. Intel® Optane™ PMem Modules can be used only
with the Second-Generation Intel® Xeon® Scalable processors. The Persistent Memory Policy allows
the configuration of security, Goals, and Namespaces of Persistent Memory Modules:
• Security—Used to configure the secure passphrase for all the persistent memory modules.
• Goal—Used to configure volatile memory and regions in all the PMem Modules connected to all
the sockets of the server. Intersight supports only the creation and modification of a Goal as part of
the Persistent Memory policy. Some data loss occurs when a Goal is modified during the creation
or modification of a Persistent Memory Policy. For information on the data loss, see the Data Loss
during Persistent Memory Policy Configuration and Deployment table in Resources.
• Namespaces—Used to partition a region mapped to a specific socket or a PMem Module on a socket.
Intersight supports only the creation and deletion of Namespaces as part of the Persistent Memory
Policy. Modifying a Namespace is not supported. Some data loss occurs when a Namespace is
created or deleted during the creation of a Persistent Memory policy. For information on the data
loss, see the Data Loss during Persistent Memory Policy Configuration and Deployment table in
Resources.
It is important to consider the memory performance guidelines and population rules of the Persistent
Memory Modules before they are installed or replaced, and the policy is deployed. The population
guidelines for the PMem Modules can be divided into the following categories, based on the number
of CPU sockets:
• Dual CPU for UCS C220 M6, C240 M6, and B200 M6 servers
• Dual CPU for UCS C220 M5, C240 M5, and B200 M5 servers
• Quad CPU for UCS C480 M5 and B480 M5 servers
• Dual CPU for UCS S3260 M5 servers
For more information about creating a Persistent Memory policy, exceptions to the policy, and other
caveats regarding the policy, see Persistent Memory Policy in Resources.
• SAN Connectivity Policy—Determines the network storage resources and the connections between the
server and the SAN on the network. This policy enables you to configure vHBAs that the servers use to
communicate with the Storage Area Network. You can use WWNN and WWPN address pools, or static
WWNN and WWPN addresses to add vHBAs and to configure them. You must create the Fibre Channel
Adapter, Fibre Channel QoS, and Fibre Channel Network policies as part of the SAN connectivity policy.
For more information about creating Network policies, see Creating Network Policies.
• SD Card Policy—Configures the Cisco FlexFlash and FlexUtil Secure Digital (SD) cards for the Cisco
UCS C-Series Standalone M4 and M5 servers. This policy specifies details of virtual drives on the SD
cards. You can configure the SD cards in the Operating System Only, Utility Only, or Operating System
+ Utility modes.
When two cards are present in the Cisco FlexFlash controller and Operating System is chosen in the SD
card policy, the configured OS partition is mirrored. If only single card is available in the Cisco FlexFlash
controller, the configured OS partition is non-RAID. The utility partitions are always set as non-RAID.
.
• SMTP Policy—Sets the state of the SMTP client in the managed device. You can specify the preferred
settings for outgoing communication and select the fault severity level to report and the mail recipients.
• SOL Policy—Enables the input and output of the serial port of a managed system to be redirected over
IP. You can create one or more Serial over LAN policies which contain a specific grouping of Serial
over LAN attributes that match the needs of a server or a set of servers.
• SSH Policy—Enables an SSH client to make a secure, encrypted connection. You can create one or more
SSH policies that contain a specific grouping of SSH properties for a server or a set of servers.
• Simple Network Management Protocol (SNMP) Policy—Configures the SNMP settings for sending
fault and alert information by SNMP traps from the managed devices. Any existing SNMP Users or
SNMP Traps configured previously on the managed devices are removed and replaced with users or
traps that you configure in this policy. If you have not added any users or traps in the policy, the existing
users or traps on the server are removed but not replaced.
• Storage Policy—A Storage policy allows you to create drive groups, virtual drives, configure the storage
capacity of a virtual drive, and configure the M.2 RAID controllers.
• Syslog Policy—Defines the logging level (minimum severity) to report for a log file collected from an
endpoint, the target destination to store the Syslog messages, and the Hostname/IP Address, port
information, and communication protocol for the Remote Logging Server(s).
• Virtual Media Policy—Enables you to install an Operating System on the server using the KVM console
and virtual media, mount files to the host from a remote file share, and enable virtual media encryption.
You can create one or more Virtual Media policies, which can contain virtual media mappings for different
OS images, and configure up to two virtual media mappings, one for ISO files (through CDD), and the
other for IMG files (through HDD).
For more information about the various mount options for the Virtual Media volumes, see Virtual Media
Mount options.
• Virtual KVM Policy—Enables specific grouping of virtual KVM properties. This policy allows you
specify the number of allowed concurrent KVM sessions, port information, and video encryption options.
• IMC Access Policy—Enables to manage and configure your network through mapping of IP pools to
the server profile. This policy allows you to configure a VLAN and associate it with an IP address through
the IP pool address.
• Power Policy—Enables the management of power for FI-attached servers and chassis. This policy allows
you to set the power profiling and the power restore state of the system. For more information, see
Creating a Power Policy for Server
• NTP Policy—Allows you to enable the NTP service on an Intersight Managed Cisco IMC (Standalone)
server. The NTP service synchronizes the time with an NTP server. You must enable and configure the
NTP service by specifying the IP address or DNS of a minimum of one to a maximum of four NTP
servers.
NTP policy also allows you to configure the timezone on Cisco IMC (Standalone) server. When you
enable the NTP service and select Timezone, Cisco Intersight configures the NTP details and Timezone
on the endpoint.
Creating a Policy
In Cisco Intersight, you can create a UCS Server or UCS Domain policy by using the policy wizard. To create
and configure a new policy, do the following:
Step 1 Log in to Cisco Intersight with your Cisco ID and select admin role.
Step 2 Navigate to Policies and click Create Policy.
Step 3 Select Policy Type.
You can filter the list of policies based on whether they are applicable to UCS Server, UCS Domain, or Hyperflex
Cluster.
Supported Servers
IPMI Over Yes Yes Yes Yes Yes Yes Yes Yes
LAN Policy
Local User Yes Yes Yes Yes Yes Yes Yes Yes
Policy
SoL Policy Yes Yes Yes Yes Yes Yes Yes Yes
Supported Servers
Boot Order Yes Yes Yes Yes Yes Yes Yes Yes
Policy
Supported Servers
Note This policy, if attached to a server profile that is assigned to an Intersight Managed Fabric Attached server,
will be ignored.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
2. On the Policy Details page, click Add VIC Adapter Configuration and configure the following
parameters:
3. Click Add.
4. Click Create.
Note For manual placement, PCI Link is not supported on UCS VIC
1400 Series adapters.
• Auto vNIC Placement—If you select this option, vNIC placement will be done automatically
during profile deployment. This option is available only for Cisco Intersight Managed FI Attached
servers.
Add vNIC
Ensure that you configure eth0 and eth1 interfaces for each VIC adapter you configure. You can
add additional vNICs depending on your network requirements.
MAC Address Pool Click Select Pool and choose a MAC address
pool for MAC address assigment.
Placement
PCI Link The PCIe link used as transport for the virtual
interface. All VIC adapters have a single PCI link
except VIC 1385 which has two.
Failover
Enabling failover ensures that traffic automatically fails over from one uplink to another in case of
an uplink failure.
Ethernet Network Group Policy Select the Ethernet Network Group policy
Ethernet Network Control Policy Select the Ethernet Network Control policy.
Connection
usNIC
User Space NIC Settings that enable low-latency and higher throughput by bypassing the kernel
layer when sending/receiving packets.
VMQ
Virtual Machine Queue Settings for the virtual interface that allow efficient transfer of network
traffic to the guest operating system.
Number of Sub vNICs Number of sub vNICs that are available for Multi
Queue.
• Click Add.
3. Click Create.
The following features are not supported when GENEVE offload is enabled on any interface:
• Azure Stack QoS
• RoCEv2 - you cannot have GENEVE enabled on one vNIC and RoCEv2 enabled on another.
• Advanced Filters
• usNIC
• VMQ
Note On switching from GENEVE offload feature to Azure Stack QoS feature or vice versa, please do the following:
1. Disable the current feature
2. Reboot the server
3. Enable the required feature
For details on supported features matrix with GENEVE offload, refer the table below.
KVM VXLAN NVGRE RoCEv2 usNIC Netflow Advanced VMQ/ arfs Azure QoS
VM - Filters VMMQ/
FEX netqueue
KVM VXLAN NVGRE RoCEv2 usNIC Netflow Advanced VMQ/ arfs Azure QoS
VM - Filters VMMQ/
FEX netqueue
Note We recommend that you use the values in these policies for the applicable operating system. Do not modify
any of the values in the default policies unless directed to do so by Cisco Technical Support.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Enable Virtual Extensible LAN Enables the Virtual Extensible LAN protocol on the
virtual Ethernet interface.
Enable Network Virtualization using Generic Enables Network Virtualization using Generic
Routing Encapsulation Routing Encapsulation on the virtual Ethernet
interface.
Note The Transmit checksum offload and TSO
must be enabled for the NVGRE
offloading to be effective.
Enable Accelerated Receive Flow Steering Enables Accelerated Receive Flow Steering (ARFS)
on the virtual Ethernet interface. ARFS is
hardware-assisted receive flow steering that can
increase CPU data cache hit rate by steering kernel
level processing of packets to the CPU where the
application thread consuming the packet is running.
RoCE Settings
Intersight supports RDMA over Converged Ethernet (RoCE) for Microsoft SMB Direct. It sends additional
configuration information to the adapter while creating or modifying an Ethernet adapter policy.
Enable RDMA over converged Ethernet Enables RDMA over Converged Ethernet (RoCE)
on the virtual Ethernet interface.
RoCE allows direct memory access over an Ethernet
network. RoCE is a link layer protocol, and hence,
it allows communication between any two hosts in
the same Ethernet broadcast domain. RoCE delivers
superior performance compared to traditional
network socket implementations because of lower
latency, lower CPU utilization, and higher utilization
of network bandwidth.
Interrupt Settings
Receive
Receive Queue resource settings.
Transmit
Transmit Queue resource settings
Completion
Completion Queue resources settings
Uplink Failback Timeout (seconds) Uplink Failback Timeout in seconds when uplink
failover is enabled for a vNIC. After a vNIC has
started using its secondary interface, this setting
controls how long the primary interface must be
available before the system resumes using the
primary interface for the vNIC.
Enter an integer between 0 and 600.
TCP Offload
The TCP offload settings decide whether to offload the TCP related network functions from the CPU
to the network hardware or not. These options help reduce the CPU overhead and increase the network
throughput.
Enable Tx Checksum Offload Enables the CPU to send all packets to the hardware
so that the checksum can be calculated.
Enable Rx Checksum Offload Enables the CPU to send all packet checksums to
the hardware for validation.
Enable Large Send Offload Enables the CPU to send large packets to the
hardware for segmentation.
Enable Large Receive Offload Enables the CPU to reassemble the segmented
packets in hardware before sending them to the
CPU.
Enable Receive Side Scaling Enables to receive side scaling and allows the
incoming traffic to be spread across multiple CPU
cores.
Enable IPv4 Hash Enables the IPv4 address for traffic distribution.
Enable IPv6 Extension Hash Enables the IPv6 extensions for traffic distribution.
Enable IPv6 Hash Enables the IPv6 address for traffic distribution.
Enable TCP and IPv4 Hash Enables both the IPv4 address and TCP port number
for traffic distribution.
Enable TCP and IPv6 Extensions Hash Enables both the IPv6 extensions and TCP port
number for traffic distribution.
Enable TCP and IPv6 Hash Enables both the IPv6 address and TCP port number
for traffic distribution.
Enable UDP and IPv4 Hash Enables both the IPv4 address and UDP port number
for traffic distribution.
Enable UDP and IPv6 Hash Enables both the IPv6 address and UDP port number
for traffic distribution.
3. Click Create.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Rate Limit, Mbps The value in Mbps (0-100000) to use for limiting
the data rate on the virtual interface. Setting this to
zero will turn rate limiting off.
Enable Trust Host CoS Select to enable the usage of the Class of Service
to be associated to the traffic on the virtual interface.
3. Click Create.
An Ethernet Network policy determines if the port can carry single VLAN (Access) or multiple VLANs
(Trunk) traffic. You can specify the VLAN to be associated with an Ethernet packet if no tag is found.
1. On the General page, configure the following parameters:
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
VLAN Mode
3. Click Create.
Set Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Allowed VLANs IDs of the allowed VLANs for the interface. Enter
the VLAN IDs, or VLAN ranges as a
comma-separated list. For example, 1-10, 15.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
3. Click Create.
• WWPN Pool—A World Wide Name (WWN) pool that contains only WW port names for use by the
Fibre Channel vHBAs in a Cisco UCS Domain. You can also assign a static WWPN to a Fibre Channel
vHBA in a Cisco UCS Domain.
Note For manual placement, PCI Link is not supported on UCS VIC
1400 Series adapters
• Auto vHBAs Placement—If you select this option, vHBA placement will be done automatically
during profile deployment. This option is available only for Cisco Intersight Managed FI Attached
servers.
• Create or select a WWNN Address Pool, or select Static and enter a WWNN address. The Static
option is available only for Cisco Intersight Managed FI Attached servers.
• Click Add vHBA and configure the following parameters:
Add vHBA
WWPN Address Pool Click Select Pool and choose a WWPN address
pool.
Placement
Placement Settings for the virtual interface.
PCI Link The PCIe link used as transport for the virtual
interface. All VIC adapters have a single PCI link
except VIC 1385 which has two.
• Click Add.
3. Click Create.
Note We recommend that you use the values in these policies for the applicable operating system. Do not modify
any of the values in the default policies unless directed to do so by Cisco Technical Support.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Error Recovery
FCP Error Recovery Enables the use of FCP Sequence Level Error
Recovery protocol (FC-TAPE) on the virtual
interface.
I/O Retry Timeout, Seconds The number of seconds the adapter waits before
aborting the pending command and resending the
same I/O request.
Enter an integer between 1 and 59.
Link Down Timeout, ms The number of milliseconds the uplink port should
be offline before it informs the system that the
uplink port is down and fabric connectivity has been
lost.
Enter an integer between 0 and 240000.
Error Detection
Resource Allocation
Flogi
Flogi Retries The number of times that the system tries to log in
to the fabric after the first failure.
Plogi
Plogi Retries The number of times that the system tries to log into
a port after the first failure.
Enter an integer between 0 and 255.
Interrupt
IO Throttle
I/O Throttle Count The number of I/O operations that can be pending
in the vHBA at one time.
Enter an integer between 1 and 1024.
LUN
Maximum LUNs Per Target The maximum number of LUNs that the driver will
export. This is usually an operating system platform
limitation.
Enter an integer between 1 and 1024.
LUN Queue Depth The number of commands that the HBA can send
and receive in a single transmission per LUN.
Enter an integer between 1 and 254.
Receive
Transmit
SCSI I/O
SCSI I/O Queues The number of SCSI I/O queue resources the system
should allocate.
Enter an integer between 1 and 245.
SCSI I/O Ring Size The number of descriptors in each SCSI I/O queue.
Enter an integer between 64 and 512.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
3. Click Create.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Rate Limit, Mbps Used for limiting the data rate on the virtual
interface.
The valid range is between 0 and 100000. The
default value is Zero.
Maximum Data Field Size, Bytes The maximum size of the Fibre Channel frame
payload bytes that the virtual interface supports.
The valid range is between 256 and 2112. The
default value is 2112.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
2. On the Policy Details page, configure the following BIOS policy options:
ACS Control GPU-n Access Control Services (ACS) allow the processor
to enable or disable peer-to-peer communication
n= 1-8
between multiple devices for GPUs.
ACS Control Slot n Access Control Services (ACS) allow the processor
to enable or disable peer-to-peer communication
n= 11-14
between multiple devices for Control Slot n.
CDN Support for LOM Whether the Ethernet Networking Identifier naming
convention is according to Consistent Device
Naming (CDN) or the traditional way of naming
conventions.
LOM Port n OptionROM Whether Option ROM is available on the LOM port
n
n= 0-3
All Onboard LOM Ports Whether all onboard LOM ports are enabled or
disabled
All PCIe Slots OptionROM Whether Option ROM is available on all PCIe slots
PCI ROM CLP PCI ROM Command Line Protocol (CLP) controls
the execution of different Option ROMs such as
PxE and iSCSI that are present in the card.
PCIe Slot:n Link Speed This option allows you to restrict the maximum
speed of an adapter card installed in PCIe slot n.
n= 1-12
Slot n state The state of the adapter card installed in PCIe slot
n.
n= 1-12
PCIe Slot:FLOM Link Speed This option allows you to restrict the maximum
speed of an adapter card installed in PCIe FLOM
slot.
PCIe Slot:Front Nvmen Link Speed This option allows you to restrict the maximum
speed of an NVMe card installed in the front PCIe
n= 1-2
slot n.
PCIe Slot:Frontn Link Speed This option allows you to restrict the maximum
speed of an adapter card installed in the front PCIe
n= 1-2
slot n.
PCIe Slot:HBA Link Speed This option allows you to restrict the maximum
speed of an adapter card installed in PCIe HBA slot.
PCIe Slot:HBA OptionROM Whether the Option ROM is enabled on the HBA
slot.
PCIe LOM:n Link Whether Option ROM is available on the LOM port.
n= 1-2
PCIe Slot:MLOM Link Speed This option allows you to restrict the maximum
speed of an MLOM adapter card installed in a PCIe
slot.
PCIe Slot MLOM OptionROM Whether the Option ROM is enabled on the MLOM
slot.
MRAID Link Speed This option allows you to restrict the maximum
speed of MRAID.
PCIe Slot MRAID OptionROM Whether Option ROM is available on the MRAID
port.
PCIe Slot Nn OptionROM Whether the Option ROM is enabled on the PCIe
slot.
n= 1-24
RAID Link Speed This option allows you to restrict the maximum
speed of MRAID.
PCIe Slot RAID OptionROM Whether the Option ROM is enabled on the RAID
slot.
PCIe Slot:Rear Nvmen Link Speed This option allows you to restrict the maximum
speed of an NVMe card installed in the rear PCIe
n= 1-2
slot n.
PCIe Slot:Rear NVME n OptionRom Whether the Option ROM is enabled on the rear
NVMe slot n.
n= 1-8
PCIe Slot:Risern Link Speed This option allows you to restrict the maximum
speed of Riser card n installed in the PCIe slot.
n= 1-2
PCIe Slot:Riser1 Slotn Link Speed This option allows you to restrict the maximum
speed of slot n on Riser card1 installed in the PCIe
n= 1-3
slot.
PCIe Slot:Riser2 Slotn Link Speed This option allows you to restrict the maximum
speed of slot n on Riser card2 installed in the PCIe
n= 4-6
slot.
PCIe Slot:SAS OptionROM Whether the Option ROM is enabled on the SAS
slot.
PCIe Slot:FrontPcien Link Speed This option allows you to restrict the maximum
speed of the front PCIe n.
n= 1-2
Processor
Adjacent Cache Line Prefetcher Whether the processor fetches cache lines in
even/odd pairs instead of fetching just the required
line.
Autonomous Core C-state When the Operating System requests CPU core C1
state, system hardware automatically changes the
request to core C6 state.
Boot Performance Mode Allows the user to select the BIOS performance
state that is set before the operating system handoff.
Closed Loop Therm Throt Allows for the support of Closed-Loop Thermal
Throttling, which improves reliability and reduces
CPU power consumption through the automatic
voltage control while the CPUs are in the idle state.
Core MultiProcessing Sets the state of logical processor cores per CPU in
a package. If you disable this setting, Intel Hyper
Threading technology is also disabled.
Frequency Floor Override Whether the CPU is allowed to drop below the
maximum non-turbo frequency when idle.
CPU Performance Sets the CPU performance profile for the server.
DRAM Clock Throttling Allows you to tune the system settings between the
memory bandwidth and power consumption.
Enhanced Intel Speedstep(R) Technology Whether the processor uses Enhanced Intel
SpeedStep Technology, which allows the system to
dynamically adjust processor voltage and core
frequency. This technology can result in decreased
average power consumption and decreased average
heat production.
Intel Turbo Boost Tech Whether the processor uses Intel Turbo Boost
Technology, which allows the processor to
automatically increase its frequency if it is running
below power, temperature, or voltage specifications.
Patrol Scrub Interval Controls the time interval between each patrol scrub
memory access. A lower interval scrubs the memory
more often but requires more memory bandwidth.
Select a value between 5 and 23. The default value
is 8.
This option is used only if Patrol Scrub is enabled.
CPU C State Whether the system can enter a power savings mode
during idle periods.
Sub Numa Clustering Whether the CPU supports sub NUMA clustering,
in which the tag directory and the memory channel
are always in the same region.
DCU Streamer Prefetch Whether the processor uses the DCU Streamer
Prefetch mechanism to analyze historical cache
access patterns and preload the most relevant lines
in the L1 cache.
USB
All USB Devices Whether all physical and virtual USB devices are
enabled or disabled.
Legacy USB Support Whether the system supports legacy USB devices.
Make Device Non Bootable Whether the server can boot from a USB device.
Port 60/64 Emulation Whether the system supports 60h/64h emulation for
complete USB keyboard legacy support.
USB Port Front Whether the front panel USB devices are enabled
or disabled.
USB Port Internal Whether the internal USB devices are enabled or
disabled.
USB Port KVM Whether the KVM ports are enabled or disabled.
USB Port Rear Whether the rear panel USB devices are enabled or
disabled.
USB Port SD Card Whether the SD card drives are enabled or disabled.
USB Port VMedia Whether the virtual media devices are enabled or
disabled.
Property
ASPM Support Allows you to set the level of ASPM (Active Power
State Management) support in the BIOS.
Memory mapped IO above 4GB Whether to enable or disable memory mapped I/O
of 64-bit PCI devices to 4GB or greater address
space. Legacy option ROMs are not able to access
addresses above 4GB. PCI devices that are 64-bit
compliant but use a legacy option ROM may not
function correctly with this setting enabled.
MMCFG BASE Sets the low base address for PCIe adapters within
4GB.
NVMe SSD Hot-Plug Support Allows you to replace an NVMe SSD without
powering down the server.
VGA Priority Allows you to set the priority for VGA graphics
devices if multiple VGA devices are found in the
system.
Server Management
Baud rate What Baud rate is used for the serial port
transmission speed. If you disable Console
Redirection, this option is not available.
Adaptive Memory Training The BIOS saves the memory training results
(optimized timing/voltage values) along with
CPU/memory configuration information and reuses
them on subsequent reboots to save boot time. The
saved memory training results are used only if the
reboot happens within 24 hours of the last save
operation.
BIOS Techlog Level The BIOS Tech log output to be controlled at more
a granular level. This reduces the number of BIOS
Tech log messages that are redundant, or of little
use.
OptionROM Launch Optimization The Option ROM launch is controlled at the PCI
Slot level, and is enabled by default. In
configurations that consist of a large number of
network controllers and storage HBAs having
Option ROMs, all the Option ROMs may get
launched if the PCI Slot Option ROM Control is
enabled for all. However, only a subset of
controllers may be used in the boot process. When
this token is enabled, Option ROMs are launched
only for those controllers that are present in boot
policy.
OS Boot Watchdog Timer Whether the BIOS programs the watchdog timer
with a predefined timeout value. If the Operating
System does not complete booting before the timer
expires, the CIMC resets the system and an error is
logged.
Note The OS Boot Watchdog Timer value
must not exceed 5 minutes.
OS Boot Watchdog Timer Policy What action the system takes if the watchdog timer
expires.
OS Boot Watchdog Timer Timeout What timeout value the BIOS uses to configure the
watchdog timer.
Redirection After BIOS POST Whether BIOS console redirection should be active
after BIOS POST is complete and control given to
the OS bootloader.
Boot Order Rules How the server changes the boot order list defined
when there are no devices of a particular device type
available or when the user defines a different boot
order using the server's BIOS Setup Utility.
Memory
BME DMA Mitigation Allows you to disable the PCI BME bit to mitigate
the threat from an unauthorized external DMA.
Boot Options
Cool Down Time (sec) The time to wait (in seconds) before the next boot
attempt.
Boot option retry Whether the BIOS retries NON-EFI based boot
options without waiting for user input.
Onboard SCU Storage Support Whether the onboard software RAID controller is
available to the server.
Onboard SCU Storage SW Stack Whether the onboard software stack is available to
the server.
Power ON Password This token requires that you set a BIOS password
before using the F2 BIOS configuration. If enabled,
password needs to be validated before you access
BIOS functions such as IO configuration, BIOS set
up, and booting to an operating system using BIOS.
P-SATA mode This options allows you to select the P-SATA mode.
SATA mode This options allows you to select the SATA mode.
VMD Enablement Whether NVMe SSDs that are connected to the PCIe
bus can be hot swapped. It also standardizes the
LED status light on these drives. LED status lights
can be optionally programmed to display specific
Failure indicator patterns.
Core Performance Boost Whether the AMD processor increases its frequency
on some cores when it is idle or not being used
much.
RAS Memory
CKE Low Policy Controls the DIMM power savings mode policy.
DRAM Refresh Rate The refresh interval rate for internal memory.
Low Voltage DDR Mode Whether the system prioritizes low voltage or high
frequency memory operations.
Select Memory RAS configuration How the memory reliability, availability, and
serviceability (RAS) is configured for the server.
Intel Directed IO
Intel(R) VT-d Coherency Support Whether the processor supports Intel VT-d
Coherency.
Intel(R) VT-d Interrupt Remapping Whether the processor supports Intel VT-d Interrupt
Remapping.
Intel(R) VT-d PassThrough DMA support Whether the processor supports Intel VT-d
Pass-through DMA.
Intel VTD ATS support Whether the processor supports Intel VT-d Address
Translation Services (ATS).
Main
POST Error Pause What happens when the server encounters a critical
error during POST.
QPI
QPI Link Frequency Select The Intel QuickPath Interconnect (QPI) link
frequency, in megatransfers per second (MT/s).
Serial Port
Trusted Platform
Trusted Platform Module State Determines whether the TPM has been initiatlized
and attached to the Operating System.
Intel Trusted Execution Technology Support Intel Trusted Execution Technology (TXT) provides
greater protection for information that is used and
stored on the business server. This option allows
you to control the TXT support for the system.
3. Click Create.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Enable Secure Boot Mode If UEFI secure boot is enabled, the boot mode is set
to UEFI by default.
Secure boot mode enforces that a device boots using
the software that is trusted by the Original
Equipment Manufacturer (OEM).
• Local CDD
• Device Name—Name of the boot device.
• Local Disk
Note This device allows the host to use
the virtual drive as a bootable
device.
• NVMe
• Device Name—Name of the boot device.
• Bootloader Name—Name of the
bootloader image.
• Bootloader Description—Description
of the bootloader.
• Bootloader Path—Path to the boatloader
image.
• PCH Storage
• Device Name—Name of the boot device.
• LUN—The Logical Unit Number (LUN)
of the boot device (0-255).
• PXE Boot
• Device Name—Name of the boot device.
• SAN Boot
• Device Name—Name of the boot device.
• LUN—The Logical Unit Number (LUN)
of the boot device (0-255).
• Slot—The slot id of the boot device.
• Interface Name—The name of the
underlying vHBA interface.
• Target WWPN—The WWPN Address
of the underlying fiber channel interface
• SD Card
• Device Name—Name of the boot device.
• LUN—The Logical Unit Number (LUN)
of the boot device (0-255).
• Sub-Type— The sub-type for the selected
device:
• FlexUtil
• FlexFlash
• SDCard
• UEFI Shell
• Device Name—Name of the boot device.
• Virtual Media
• Device Name—Name of the boot device.
• Sub-Type— The sub-type for the selected
device:
• None
Note This option is not
supported on UCS
FI-attached servers.
3. Click Create.
Prerequisites
The following are required to configure the iSCSI boot device:
• iSCSI Static Target Policy—When you select Static as the mode for configuring the iSCSI boot policy,
you can use the iSCSI Static Target policy to specify the primary target details. You can also specify the
details of a secondary target, if required.
• iSCSI Adapter Policy—Using this policy you can specify the TCP and DHCP Connection Timeout and
the retry count when the logical unit number of the boot device is busy.
• Creating an IQN Pool—Using this policy you can specify the TCP and DHCP Connection Timeout
and the retry count when the logical unit number of the boot device is busy.
Target Interface
Target interface can be Auto or Static.
DHCP Vendor ID/IQN If you select Auto for the target interface, specify the
Initiator name, or the DHCP vendor ID. The vendor
ID can be up to 32 alphanumeric characters.
Static
If the target interface is Static specify the following parameters.
Primary Target Select the Primary Target policy. iSCSI target is the
remote disk in the storage area network from which
the operating system is initialized. This policy
specifies the Target Name, the IP Address of the
target, the Port, and the LUN ID.
Adapter Policy Select the Adapter Policy for the iSCSI boot device.
The Adapter Policy specifies the TCP and DHCP
Timeouts, and the Retry Count if the LUN ID is busy.
Authentication
You can select CHAP or Mutual CHAP as the authentication method and specify the parameters. If you
have selected CHAP, specify the CHAP authentication parameters for iSCSI Target. Mutual CHAP is a
two-way DHCP mechanism and is more secure.
Click Create.
TCP Connection Timeout Enter the number of seconds after which the TCP
connection times out.
DHCP Timeout Enter the number of seconds after which the DHCP
times out.
Click Create.
Click Create.
• If Intersight Read-only mode is enabled, firmware upgrades will be successful only when performed
from Intersight. Firmware upgrade performed locally from Cisco IMC will fail.
• IPMI over LAN privileges will be reset to read-only level if Configuration from Intersight only is enabled
through the Device Connector policy, or if the same configuration is enabled in the Device Connector
in Cisco IMC.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
2. In the Policy Details page, enable or disable Configuration from Intersight only. This option is enabled
by default.
3. Click Create.
Note This policy is not applicable for virtual drives for a Cisco Boot Optimised M.2 RAID Controller.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Drive Number Specify the drive number for the disk group
associated with the RAID controller.
Dedicated Hot Spares Select Enable to use a hot spare drive in the case
of disk failure in the disk group.
Set Disks in JBOD state to Unconfigured good Select to allow users to convert any disks in JBOD
to be un-configured good disks so that they can be
used in the RAID group.
Atention All virtual drives in a disk group should be managed by using the same disk group policy.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
IPv4 address configuration Select to determine the type of network for this
policy.
Note You can select only IPv4 address
configuration or both IPv4 and IPv6
configuraitons.
IPv6 address Configuration Select to determine the type of network for this
policy.
Note You can select only IPv6 address
configuration or both IPv4 and IPv6
configuraitons.
IP Pool
Select IP Pool Click to view the list of IP Pools available and select
an IP pool for In-Band configuration.
IP Pool
Select IP Pool Click to view the list of IP Pools available and select
an IP pool for Out-Of-Band configuration.
Note Only IPv4 addresses are supported for
Out-Of-Band configuration.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Enable IPMI Over LAN The state of the IPMI Over LAN service on the
endpoint.
Encryption Key Used for IPMI communication. The key should have
an even number of hexadecimal characters and not
exceed 40 characters.
Note This is applicable to Cisco UCS C-Series
Standalone M4, M5 and M6 servers only.
3. Click Create.
Note This policy, if attached to a server profile that is assigned to an Intersight Managed FI-attached UCS server,
will be ignored.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Base Settings
Binding Parameters
Bind Password The password of the user. This field is editable only
if you have selected Configured Credentials option
as the binding method.
Search Parameters
Group Authorization
Nested Group Search Depth Parameter to search for an LDAP group nested
within another defined group in an LDAP group
map. The parameter defines the depth of a nested
group search.
User Search Precedence The order of search between the local user database
and LDAP user database. This can be one of the
following:
• Local User Database (Default setting)
• LDAP User Database
Domain The LDAP server domain the group must reside in.
User Search Precedence The order of search between the local user database
and LDAP user database. This can be one of the
following:
• Local User Database (Default setting)
• LDAP User Database
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Password Expiry Duration The time period that you can set for the existing
password to expire (from the time you set a new
password or modify an existing one). The range is
between 1 to 3650 days.
Grace Period Time period till when the existing password can
still be used, after it expires. Enter a value between
0 to 5 days. Entering 0 disables this field.
Always Send User Password When enabled, the user password is always sent to
the endpoint device. When not enabled, the user
password is sent to the endpoint device for new
users and when the password is changed for existing
users.
Password The password for this user name. When you move
the mouse over the help icon beside the field, the
following guidelines to set the password are
displayed:
• The password must have a minimum of 8 and
a maximum of 14 characters.
• The password must not contain the User Name.
• The password must contain characters from
three of the following four categories:
• English uppercase characters (A through
Z).
• English lowercase characters (a through
z).
• Base 10 digits (0 through 9).
• Non-alphabetic characters (!, @, #, $, %,
^, &, *, -, _, , =, '').
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
When a hostname is used for NTP configuration, DNS server information must be configured in the
Network Connectivity policy.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Operating System Partition Name The name for the Operating System partition.
Utility Only
Operating System Partition Name The name for the Operating System partition.
3. Click Create.
Exceptions
• SD Card Policy is not supported on M6 servers.
• SD Card Policy is not imported with a Server Profile when the SD Cards are not present in the server.
• Diagnostics is applicable for M5 Series only.
• For the Operating System+Utility mode the M5 servers require at least 1 FlexFlash + 1 FlexUtil card.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Enable Serial Over LAN The state of Serial Over LAN service on the
endpoint.
COM Port The serial port through which the system routes
Serial Over LAN communication.
• com0—SoL communication is routed through
COM port 0, an externally accessible serial
port that supports either a physical RJ45
connection to an external device or a virtual
SoL connection to a network device.
If you select this option, the system enables
SoL and disables the RJ45 connection, which
means that the server can no longer support an
external serial device.
• com1—SoL communication is routed through
COM port 1, an internal port accessible only
through SoL.
If you select this option, you can use SoL on
COM port 1 and the physical RJ45 connection
on COM port 0.
Baud Rate The Baud Rate used for Serial Over LAN
communication. The rate can be:
• 9600 bps
• 19.2 kbps
• 38.4 kbps
• 57.6 kbps
• 115.2 kbps
SSH Port The SSH port used to access Serial Over LAN
directly. Enables bypassing Cisco IMC shell to
provide direct access to Serial Over LAN.
The valid range is 1024 to 65535. The default value
is 2400.
Note • This is applicable to Cisco UCS
C-Series Standalone M4, M5 and
M6 servers only.
• Changing the SSH Port setting
disconnects any existing SSH
sessions.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
SSH Timeout (seconds) The number of seconds to wait before the system
considers a SSH request to have timed out.
Enter an integer between 60 and 10,800. The default
is 1,800 seconds.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Enable Virtual KVM The state of the vKVM service on the endpoint.
Remote Port The port for remote KVM communication. The port
range is from 1024 to 49151. The default is 2068.
Enable Local Server Video Enables KVM session displays on any monitor
attached to the server.
Note This is applicable to Cisco UCS C-Series
Standalone M4, M5, and M6 servers
only.
3. Click Create.
Exceptions
• The virtual media viewer is accessed through the KVM. If you disable the KVM console, Cisco IMC
also disables access to all virtual media devices attached to the host.
• After a KVM vMedia session is mapped, if you change the KVM management policy, it will result in a
loss of the vMedia session. You must re-map the KVM vMedia session again.
Tag (optional) Enter a tag in the key value format. For example,
Org: IT or Site: APJ.
Enable Virtual Media Select this option to enable the virtual media policy.
This property is enabled by default.
Enable Virtual Media Encryption Select this option to enable encryption of the virtual
media communications. This property is enabled
by default.
Note For firmware versions 4.2(1a) or higher,
this encryption parameter is deprecated
and disabling the encryption will further
result in validation failure during the
server profile deployment.
Enable Low Power USB Select this option to enable the appearance of virtual
drives on the boot selection menu after mapping the
image and rebooting the host. This property is
enabled by default.
NFS/CIFS/HTTP/HTTPS
The properties below vary depending on the tab that is selected.
File Location Provide the remote file location path: Host Name
or IP address/file path/file name
• IP Address—The IP address or the hostname
of the remote server.
• File Path—The path to the location of the
image on the remote server.
• File Name—The name of the remote file in
.iso or .img format.
Mount Options The mount options for the virtual media mapping.
The field can be left blank or filled in a comma
separated list using the following options:
• For NFS, supported options are ro, rw, nolock,
noexec, soft, port=VALUE, timeo=VALUE,
retry=VALUE.
• For CIFS, supported options are soft, nounix,
noserverino, guest, ver=3.0, or ver=2.0.
Note If the firmware version is 4.1 or
higher, and the CIFS version is
lower than 3.0, the mount option
field must be entered with the
version value (vers=VALUE). For
example, vers=2.0.
3. Click Create.
Exceptions
• When an answer file is embedded in the OS ISO, it fails to boot from vMedia when the bootmode is set
to UEFI, and the OS installation fails on Cisco UCS C-Series Standalone M4 servers.
• vMedia mapping of the OS image for HTTPS based share fails to mount.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Dynamic DNS Update Domain Specify the dynamic DNS Domain. The Domain
can be either a main Domain or a sub-Domain.
This property is not applicable to Fabric
Interconnects.
IPv4 Properties
Obtain IPv4 DNS Server Addresses from DHCP Whether the IPv4 addresses are obtained from
Dynamic Host Configuration Protocol (DHCP) or
from a specifically configured set of DNS servers.
• Enabled—Intersight uses DHCP
• Disabled—Intersight uses a configured set of
IPv4 DNS servers.
Preferred IPv4 DNS Server The IP address of the primary DNS server. This
property is displayed only when Obtain IPv4 DNS
Server Addresses from DHCP is disabled.
Alternate IPv4 DNS Server The IP address of the secondary DNS server. This
property is displayed only when Obtain IPv4 DNS
Server Addresses from DHCP is disabled.
IPv6 Properties
Obtain IPv6 DNS Server Addresses from DHCP Whether the IPv6 addresses are obtained from
Dynamic Host Configuration Protocol (DHCP) or
from a specifically configured set of DNS servers.
• Enabled—Intersight uses DHCP
• Disabled—Intersight uses a configured set of
IPv6 DNS servers.
Preferred IPv6 DNS Server The IP address of the primary DNS server. This
property is displayed only when Obtain IPv6 DNS
Server Addresses from DHCP is disabled.
Alternate IPv6 DNS Server The IP address of the secondary DNS server. This
property is displayed only when Obtain IPv6 DNS
Server Addresses from DHCP is disabled.
3. Click Create.
Note This policy, if attached to a server profile that is assigned to an Intersight Managed FI-attached UCS server,
will be ignored.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
SMTP Server Address The IP address or host name of the SMTP server.
SMTP Port The port number used by the SMTP server for
outgoing SMTP communication.
The range is from 1 to 65535. The default is 25.
SMTP Alert Sender Address The sender IP address or hostname of all the SMTP
mail alerts.
3. Click Create.
SNMP Port The port on which Cisco IMC SNMP agent runs.
Trap Community String Enter the SNMP community group name used for
sending SNMP trap to other devices.
Note This field is applicable only for
SNMPv2c trap host or destination.
SNMP Users
Privacy Type Select AES as the privacy protocol for the user.
Note The DES privacy type is deprecated to
meet security standards.
Privacy Password Confirmation Enter the privacy password confirmation for the
user.
User Select the SNMP user for the trap. You can define
maximum of 15 trap users.
Note This field is applicable only to SNMPv3.
3. Click Create.
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
General Configuration
Use JBOD Drives for Virtual Drive creation Enable this option to use disks in JBOD state for
creating virtual drives.
Unused Disks State Select the state to which unused disks in this policy
are to be moved. The state can be any one of
UnconfiguredGood, or JBOD.
Selecting No Change leaves the state unchanged.
Slot of the M.2 RAID Controller for Virtual Select the slot of the M.2 RAID controller for virtual
Drive Creation drive creation. The slots that can be selected are:
• MSTOR-RAID-1 — Select this option if there
is only one M.2 RAID controller slot, or if
there are two slots for the M.2 RAID controller
and the virtual drive has to be created on the
controller in the first slot.
• MSTOR-RAID-2 — Select this option if there
are two slots for the M.2 RAID controller and
the virtual drive has to be created on the
controller in the second slot.
• MSTOR-RAID-1,MSTOR-RAID-2 — Select
this option to create virtual drives on
controllers in either or both slots.
Drive Group Configuration Enable to add RAID drive groups that can be used
to create virtual drives. You can also specify the
Global Hot Spares information.
This configuration is not applicable for M.2 RAID
controllers.
Global Hot Spares Specify the disks that are to be used as hot spares,
globally for all the RAID groups.
The allowed value is a number range separated by
a comma or a hyphen.
RAID Level The RAID level of a disk group describes how the
data is organized on the disk group for the purpose
of ensuring availability, redundancy of data, and
I/O performance. The levels are:
• RAID0—Data is striped across all disks in the
array, providing fast throughput. There is no
data redundancy, and all data is lost if any disk
fails.
• RAID1—Data is written to two disks,
providing complete data redundancy if one
disk fails. The maximum array size is equal to
the available space on the smaller of the two
drives.
• RAID5—Data is striped across all disks in the
array. Part of the capacity of each disk stores
parity information that can be used to
reconstruct data if a disk fails. RAID 5
provides good data throughput for applications
with high read request rates.
• RAID6—Data is striped across all disks in the
array and two sets of parity data are used to
provide protection against failure of up to two
physical disks. In each row of data blocks, two
sets of parity data are stored.
• RAID10—RAID 10 uses mirrored pairs of
disks to provide complete data redundancy and
high throughput rates through block-level
striping. RAID 10 is mirroring without parity
and block-level striping. A minimum of four
disks are required for RAID 10.
• RAID50—Data is striped across multiple
striped parity disk sets to provide high
throughput and multiple disk failure tolerance.
• RAID60—Data is striped across multiple
striped dual parity disk sets to provide high
throughput and greater disk failure tolerance.
Drive Selection
Drive Array Span 0 Enter the drive array span. RAID levels RAID0,
RAID1, RAID5, and RAID6 that do not have spans
have only one disk group. RAID levels with spans
have multiple disk groups with each disk group
representing a span.
RAID levels without spans have one span group
and RAID levels with spans have two to eight span
groups.
Note If you have selected a RAID level
without spans, then the field Drive Array
Span 0 alone appears. If you have
selected a RAID level with spans, you
would have had to specify the number
of spans. In this scenario, as many Drive
Array Span fields as there are spans
appear for you to specify the details.
Drive Groups Select the drive groups on which the virtual drive
is to be created.
Number of Copies Enter the number of copies of the virtual drive that
is to be created. You can create a maximum of 10
copies.
Expand to Available Enable for the virtual drive to use all the space
available in the disk group. When this flag is
enabled, the size property is ignored.
Set as Boot Drive Select to use this virtual drive as a boot drive.
Strip Size Select the strip size required. Allowed values are
64KiB, 128KiB, 256KiB, 512KiB, 1 MiB.
Access Policy Select the type of access the host has to this virtual
drive:
• Read Write—Enables host to perform
read-write on the virtual drive
• Read Only—Host can only read from the
virtual drive.
• Blocked—Host can neither read nor write to
the virtual drive.
Read Policy Select the read ahead mode for this virtual drive:
• Always Read Ahead
• No Read Ahead
Disk Cache Select the disk cache policy for this virtual drive.
The values are:
• Unchanged
• Enabled
• Disabled
Single Drive RAID Configuration Enable to create RAID0 virtual drives on each
physical drive.
Drive Slots Specify the set of drive slots where RAID0 virtual
drives are to be created.
Note Single drive RAID allows you to add
slots only where disks are planned to be
inserted in future.
Strip Size Select the strip size required. Allowed values are
64KiB, 128KiB, 256KiB, 512KiB, 1MiB.
Access Policy Select the type of access the host has to this virtual
drive:
• Read Write—Enables host to perform
read-write on the virtual drive
• Read Only—Host can only read from the
virtual drive.
• Blocked—Host can neither read nor write to
the virtual drive.
Read Policy Select the read ahead mode for this virtual drive:
• Always Read Ahead
• No Read Ahead
Disk Cache Select the disk cache policy for this virtual drive.
The values are:
• Unchanged
• Enabled
• Disabled
3. Click Create.
Note The Delete Virtual Drives option is not available in Storage Policy. Use the Storage Controllers page to delete
virtual drives
Add Tag (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Local Logging
Minimum Severity to Report Select the lowest severity level to report in the
remote log. The severity levels are:
• Warning
• Emergency
• Alert
• Critical
• Error
• Notice
• Informational
• Debug
Minimum Severity To Report Select the lowest severity level to report in the
remote log. The severity levels are:
• Warning
• Emergency
• Alert
• Critical
• Error
• Notice
• Informational
• Debug
3. Click Create.
Set Tags (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Power Restore
Allows the user to configure the power restore state of the server on the CIMC. In the absence of IMM
connectivity, the CIMC will use this policy to recover the host power after a power loss event.
Always Off Always keep the host power off after a power loss
event.
4. Click Create.
Chassis Policies
Chassis policies in Cisco Intersight allow you to configure various parameters for chassis, including IP pool
configuration, VLAN settings, SNMP authentication, and SNMP trap settings. A chassis policy can be assigned
to any number of chassis profiles to provide a configuration baseline for a chassis.
The Chassis Policy creation wizard in Cisco Intersight has two pages:
• General—The general page allows you to select the organization and enter a name for your policy.
Optionally, include a short description and tag information to help identify the policy. Tags must be in
the key:value format. For example, Org:IT or Site APJ
• Policy Details—The policy details page has properties that are applicable to UCS Chassis Policies.
The following list describes the chassis policies that you can configure in Cisco Intersight.
• IMC Access Policy—Enables to configure and manage your network through mapping of IP pools to
the chassis profile. This policy allows you to configure a VLAN and associate it with an IP address
through the IP pool.
• SNMP Policy—Configures the SNMP settings for sending fault and alert information by SNMP traps
from the managed devices. Any existing SNMP Users or SNMP Traps configured previously on the
managed devices are removed and replaced with users or traps that you configure in this policy. If you
have not added any users or traps in the policy, the existing users or traps on the input/output module
(IOM) are removed.
• Power Policy—Enables the management of power for chassis. This policy allows you to configure
redundancy mode of the Chassis Power Supplies (PSUs) and allocate power to the chassis. You can view
the redundancy state, mode, qualifier, and power details of the chassis in the properties section of the
General tab on the Chassis details view page. The policy is currently applicable only for B-Series chassis.
For details, see Creating a Power Policy for Chassis
• Thermal Policy—Allows the user to set the value of the Fan Control Mode for the chassis. The Fan
Control Mode controls the speed of the chassis fan to maintain optimal server cooling. The policy is
currently applicable only for B-Series chassis. For details, see Creating a Thermal Policy.
IPv4 address configuration Select to determine the type of network for this
policy.
Note You can select only IPv4 address
configuration or both IPv4 and IPv6
configurations.
IPv6 address Configuration Select to determine the type of network for this
policy. You can select only IPv6 address
configuration or both IPv4 and IPv6 configurations.
Important IPv6 is supported only on
UCS-IOM-2408
IP Pool
Select IP Pool Click to view and select the IP pool list on the right
pane.
3. Click Create.
Trap Community String Enter the SNMP community group name used for
sending SNMP trap to other devices.
Note This field is applicable only for
SNMPv2c trap host or destination.
SNMP Users
Privacy Type Select AES as the privacy protocol for the user.
Privacy Password Confirmation Enter the privacy password confirmation for the
user.
User Select the SNMP user for the trap. You can define
maximum of 15 trap users.
Note This field is applicable only to SNMPv3.
3. Click Create.
Set Tags (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Power Redundancy
sets the redundancy mode of the chassis power supplies.
Power Allocation (Watts) Allows the user to set the maximum power a chassis
can consume.
The value can range from minimum of system
requirement to maximum of available power.
Note This feature is supported only for UCS
X series chassis.
4. Click Create.
Set Tags (Optional) Enter a tag in the key:value format. For example,
Org: IT or Site: APJ.
Balanced The fans run faster when needed based on the heat
generated by the server. When possible, the fans
return to the minimum required speed.
Low Power The fans run at slightly lower minimum speeds than
the Balanced mode, to consume less power when
possible.
Maximum Power The fan are always kept at the maximum speed. This
option provides the most cooling and consumes
most power.
Note This mode is supported only for UCS
X-Series chassis.
3. Click Create.
Pools
Pools are the basic building blocks for uniquely identifying hardware resources. As the basis for the UCS
management model, they allow Service Profiles to be associated with any blade server, while still providing
the exact same ID and presentation to the upstream LAN or SAN. If a pool is actively associated with a profile,
the pool cannot be deleted.
The following list are the pool types that you can configure in Cisco Intersight:
• IP pools—Provide the flexibility of assigning IP addresses dynamically for services running on a network
element.
• MAC address pools—Provide unique IDs for network interface ports.
• WWNN and WWPN pools—Provide unique IDs for Fibre Channel resources on a server (Fibre Channel
nodes and ports).
• IQN pools—Provide collection of iSCSI Qualified Names (IQNs) for use as initiator identifiers by iSCSI
vNICs.
IP Pools
An IP pool is a sequential range of IP addresses within a certain network. You can have multiple pool
configurations. Each pool can have a priority and can be assigned to a group. IP addresses can be assigned
dynamically from a single pool or from a group of pools. The Least Recently Used (LRU) method is used to
assign IP addresses. In each pool, the addresses are placed in a queue. At the time of assigning, the address
at the head of the queue is assigned, and when released is placed at the end of the queue. IP Pools are
VRF-aware. IP pools support both IPv4 and IPv6 addresses.
Creating an IP Pool
IP Pools represent a collection of IP addresses that can be allocated to configuration entities such as server
profiles. You can create IPv4 pool or IPv6 pool or both.
Step 1 From the left navigation panel, click Create Pools > IP > Start.
The IP Pool wizard appears.
IP Pool Details
Details
Displays the list of IP pools.
Configuration
Last Updated on The date and time when the IP pool was last updated.
Usage
IP, VRFs, and Server Profile Displays the IP address, VRF instances, and associated
server profiles.
Actions
MAC Pools
A MAC pool is a collection of network identities, or MAC addresses, that are unique in their Layer 2
environment and are available to be assigned to vNICs on a server. If you use MAC pools in server profiles,
you do not have to manually configure the MAC addresses to be used by the server associated with the server
profile.
To assign a MAC address to a server, you must include the MAC pool while adding a vNIC to a LAN
Connectivity policy. The LAN Connectivity policy is then included in the server profile assigned to that server.
Step 1 From the left navigation panel, click Pools > MAC > Create MAC Pool.
The MAC Pool wizard appears.
Step 5 To add more blocks, click + and then add the starting MAC address and total number of MAC addresses in the new block.
Step 6 Click Create.
The newly created MAC pool appears in the list of MAC pools.
UUID Pools
A Universally Unique Identifier (UUID) pool is a collection of UUIDs that are assigned to servers. The prefix
and suffix of the UUID are variable values. A UUID pool ensures that these variable values are unique for
each server associated with a server profile that uses a particular pool to avoid conflicts.
Note • The supported servers and its minimum firmware or Cisco IMC versions required for UUID pool are
mentioned below:
• For more information on the server profile association using UUID pool, see Configuring Server Profiles.
Step 1 From the left navigation panel, click Pools > UUID > Create UUID Pool.
The UUID Pool wizard appears.
Step 6 To add more blocks, click + and then add the starting UUID suffix and total number of UUID identifiers in the new block.
Step 7 Click Create.
The newly created UUID pool appears in the list of UUID pools.
Details
Last Updated on The date and time when the UUID pool was last
updated.
Configuration
Usage
Server Profile Displays the server profile associated with the pool.
WWN Pools
A World Wide Name (WWN) pool is a collection of WWNs for use by the Fibre Channel vHBAs in a Cisco
UCS Domain. You create separate pools for the following:
Important To ensure the uniqueness of the Cisco UCS WWNNs and WWPNs in the SAN fabric, Cisco Intersight uses
the following WWN prefix for all blocks in a pool: 20:00:00:25:B5:xx:xx:xx.
If you use WWN pools in server profiles, you do not have to manually configure the WWNs that will be used
by the server associated with the server profile. In a system that implements multi-tenancy, you can use a
WWN pool to control the WWNs used by each organization.
You assign WWNs to pools in blocks.
WWNN Pools
A WWNN pool is a WWN pool that contains only WW node names. If you include a pool of WWNNs in a
server profile, the associated server is assigned a WWNN from that pool.
WWPN Pools
A WWPN pool is a WWN pool that contains only WW port names. If you include a pool of WWPNs in a
server profile, the port on each vHBA of the associated server is assigned a WWPN from that pool.
Step 1 From the left navigation panel, click Pools > WWNN > Create WWNN Pool.
The WWNN Pool wizard appears.
Step 5 To add more blocks, click + and then add the starting WWN identifier and maximum number of identifiers that the block
can contain.
Step 6 Click Create.
The newly created WWNN pool appears in the list of WWNN pools.
Step 1 From the left navigation panel, click Pools > WWNN > Create WWPN Pool.
The WWPN Pool wizard appears.
Step 5 To add more blocks, click + and then add the starting WWN identifier and maximum number of identifiers that the block
can contain.
Step 6 Click Create.
The newly created WWPN pool appears in the list of WWPN pools.
IQN Pools
An IQN pool is a collection of iSCSI Qualified Names (IQNs) for use as initiator identifiers by iSCSI vNICs.
IQN pool members are of the form prefix: suffix: number, where you can specify the prefix, suffix, and a
block (range) of numbers.
An IQN pool can contain more than one IQN block, with different number ranges and different suffixes, but
sharing the same prefix.
SUMMARY STEPS
1. From the left navigation panel, click Create Pools > IQN > Start.
2. Add the following information on the General page:
• Organization—The organization of the IQN pool.
• Name—Name of the IQN pool.
• Add Tag—The tag to identify and search for the IQN pool.
• Description—The description the IQN pool.
3. Click Next. The Pool Details page appears.
4. Add the following configuration information for IQN pools in the Configuration area:
• Prefix—The prefix for any IQN blocks created for this pool. IQN prefix must have the following
format "iqn-yyyy-mm.naming-authority", where the naming authority is usually the reverse syntax
of the internet domain of the naming authority. Example, iqn1.2021-01.alpha.com
• Suffix—The suffix for this block of IQNs.
Enter from 1 to 64 characters. You can use any letter or number, as well as the special characters .
(period), : (colon), and - (hyphen).
• From—The first iSCSI Qualified Name (IQN) suffix in the block.
• Size—The number of identifiers this block can hold.
DETAILED STEPS
The newly created IQN pool appears in the list of IQN pools.
Details
Last Updated on The date and time when the IQN pool was last
updated.
Configuration
Prefix Displays the prefix for IQN blocks created for this
pool.
Usage
IQN Address and Server Profile Displays the IQN address and associated server
profiles.
Actions
Resource Pools
A resource pool is an aggregation of homogeneous resources that are managed in Intersight. A resource pool
enables you to manage the utilization of resources for certain Intersight features like Server Profile. Currently,
Intersight supports only server type as a resource for the resource pool.
Currently, Cisco Intersight supports only adding a server as a resource. Resource pool enables you to logically
group and manage resources (servers) more effeciently. You can assign servers to a resource pool and can
continue with the automated server profile assignment.
Note For more information on the server profile association using resource pool, see Configuring Server Profile.
Step 1 From the left navigation panel, click Create Pools > Resource > Start.
The Resource Pool wizard is displayed.
Step 3 Click Next. The Resource Pool Details page is displayed with the list of discovered servers based on the target platform
type.
Step 4 Select the servers from the Resource Selection table.
Step 5 Click Create.
The newly created Resource pool appears in the list of Resource pools.
Details
Last Updated on The date and time of the resource pool that was last
updated.
Resource
Target Platform Displays the target platform. This could any of the
following:
• Standalone
• FI-Attached
Configuration
Note The configuration properties of the resource pool differs with the resource type associated.
Usage
Note Using an edit resource pool option, a resource with an active lease cannot be removed from the resource pool.
VRF Guidelines
The following guidelines and limitations apply for VRF instances:
• Intersight creates a default VRF for an account, and manages IP address allocation within the context of
this default VRF.
• Within a single VRF instance, IP addresses must be unique. Between different VRF instances, you can
have overlapping IP addresses.
• If IP Pools are shared between VRF instances, ensure that there are no overlapping IP addresses.
Step 1 From the left navigation panel, click Virtual Routing And Forwarding > VRFs > Create VRF.
The VRF wizard appears.
• Organization—An optional entry of the organization to which the VRF instance belongs.
• Add Tag—An optional tag to identify and search for the VRF instance.
Device Console
The Device Console, which is installed on the Fabric Interconnect, allows you to monitor the health of your
devices, and the status of their connection to Intersight. You can use the Device Console GUI or CLI interface
if you want to troubleshoot your devices, or if your devices are not connecting to Cisco Intersight.
To access the Device Console user interface, log in to the Fabric Interconnect.
Device Connector
This page shows the status of the Device Connector’s connection to Intersight. You can also configure the
parameters for the Device Connector through Settings.
Settings
Getting Started provides detailed information about configuring Device Connector settings, and about
unclaiming a device.
Servers
This page provides detailed information about all the servers connected through the Fabric Interconnect. This
information is based on the data stored in the local database on the Fabric Interconnect.
Details Description
Details Description
User Label A user label usually contains the serial number, PID,
and the VID. This serial number is displayed in the
management software of the server.
Device Connector
You can perform the following operations on the Device Connector:
• Connect to the Device Connector—To connect to the Device Connector through the Intersight CLI shell,
use the connect device-connector command.
connect device-connector
• Show the Device Connector version—To show the Device Connector version, use the show version
command.
show version
• Update the Device Connector—To update the Device Connector image on the Fabric Interconnect-B
and then Fabric Interconnect-A, use the update-device-connector command.
System Information
You can perform the following operations to view system information:
• Show the system clock—To display the system date and time, use the show clock command.
show clock
• Show CLI history—To display the history of CLI commands run in the session, use the show cli history
command.
show sshkey
• Show IP debug information—To display IP information for management interfaces, use the show
mgmt-ip-debug command.
show mgmt-ip-debug
• Show the contents of a file—To display the contents of a file, use the show file command.
show processes
• Show audit log—To display the audit log of the Fabric Interconnect, use the show audit command.
show audit
Servers
You can perform the following operations on the servers:
• Connect to the IO module—To connect to an IO module, use the connect iom command.
• Connect to the CIMC—To connect to the CIMC (Cisco Integrated Management Controller), use the
connect cimc command.
PMON Processes
You can perform the following operations to view pmon processes on the Fabric Interconnect:
• Manage pmon processes—To start, stop, and view the status of the pmon or connector processes, use
the pmon command.
Technical Support
You can perform the following operations on the technical support bundle:
• Show tech-support—To download the contents of the tech-support bundle for a specific blade server,
use the show tech-support command.
Directory Operations
You can perform the following directory operations:
• Change directory—To change directories, use the cd command.
pwd
• List contents of a directory—To list the contents of the current working directory, use the ls command.
ls
• Create a directory—To create a directory under allowed directories, use the mkdir command.
cp [from-filesystem:][from-path]filename [to-filesystem:]to-path[dest-filename]
• Move a file—To move a file from one directory to another, use the mv command.
mv [from-filesystem:][from-path]filename [to-filesystem:]to-path[dest-filename]
• Delete a file—To remove a file from a directory, use the rm command.
Other Operations
These are the other operations that you can perform:
• Set Management IP—To configure the management IP address, network mask, and gateway address on
a Fabric Interconnect, use the set management-network command.
tail-mgmt-log module_name
• Use SSH to connect—To log in to a host that supports SSH, use the ssh command.
ssh host-name
• Use Telnet to connect—To log in to a host that supports Telnet, use the telnet command.
reboot
• Connect to NX-OS—To connect to NX-OS, use the connect nxos command.
connect nxos
• Erase configuration—To erase configuration on the Fabric Interconnect, use the erase-configuration
command.
erase-configuration
• Change the Password—To update the administrator password on the Fabric Interconnect, use the
change-password command.
change-password
• Reset administrator password—To reset the administrator password on the Fabric Interconnect, use the
reset-password command.
reset-password
• Clear the SSH public key—To clear from cache the SSH public key of a remote host, use the clear-sshkey
command.
clear-sshkey host-name
4. Upgrade Request Submission: After you click Upgrade, confirm the upgrade request.
The following workflow illustrates the tasks that occur automatically after you submit an upgrade request:
1. The system validates whether there is enough storage space for the firmware bundle. If the space on the
Fabric Interconnect is insufficient, the upgrade fails.
2. The system checks whether the selected firmware bundle is already in the Fabric Interconnect cache. If
the firmware bundle is not present, it is downloaded to the Fabric Interconnect cache.
3. Both the IO modules are updated and activated on all the connected chassis. IO module upgrade is
completed when the IO modules are rebooted.
4. Click Continue to acknowledge and begin firmware upgrade on Fabric Interconnect-B. After Fabric
Interconnect-B upgrade is complete, the Fabric Interconnect reboots and comes up with the new image.
IOM-B is rebooted along with the Fabric Interconnect-B, and comes up with the upgraded image.
5. Click Continue to acknowledge and begin firmware upgrade on Fabric Interconnect-A. After Fabric
Interconnect-A upgrade is complete, the Fabric Interconnect reboots and comes up with the new image.
IOM-A is rebooted along with the Fabric Interconnect-A, and comes up with the upgraded image.
2. Bundle Selection: After you confirm the server to be upgraded, you must select the host firmware bundle
to which the server needs to be upgraded. The firmware selection screen displays a list of available
firmware bundles and information about their firmware version, size, release date, and description. The
selected firmware bundle will be downloaded from the Cisco Intersight repository.
3. Impact Estimation: The Summary screen shows a summary of the selected server, the firmware version
running on it, and the firmware version to which it will be upgraded. You can choose to upgrade by
clicking Upgrade, or change the firmware version by clicking Back.
4. Upgrade Request Submission: After you click Upgrade, select whether you want the firmware to be
installed immediately or when the device reboots. Confirm the upgrade request.
By default, firmware will be installed on next boot of the device.
The following workflow illustrates the tasks that occur automatically after you submit an upgrade request:
1. The system validates whether there is enough storage space for the firmware bundle. If the space on the
Fabric Interconnect is insufficient, the upgrade fails.
2. The system checks whether the selected firmware bundle is already in the Fabric Interconnect cache. If
the firmware bundle is not present, it is downloaded to the Fabric Interconnect cache.
3. Server firmware is upgraded as follows:
• For B-Series servers:
a. Adapter firmware is updated and activated. Adapter upgrade is completed when the server is
rebooted.
b. The Host Service Utility (HSU) is upgraded immediately or when the server reboots.
c. All server components are upgraded.
• Only Cisco UCS Domains that are claimed through Intersight may be upgraded.
• All servers in the Cisco UCS Domain must be at license tier Essentials or above.
Step 1 From the left navigation pane, click Fabric Interconnects, select a Fabric Interconnect, and perform an Upgrade
Firmware action on it.
Step 2 On the Upgrade Firmware page, click Start.
Step 3 On the General page, confirm selection of the switch Domain and click Next.
Step 4 On the Version page, select the fabric firmware bundle to which the Fabric Interconnects need to be upgraded, and click
Next.
This page displays a list of available firmware bundles and information about their firmware version, size, release date,
and description. The selected firmware bundle will be downloaded from the Intersight repository.
During upgrade of Intersight Managed Fabric Interconnect, the Fabric Interconnect traffic evacuation is enabled by
default. Fabric Interconnect traffic evacuation evacuates all traffic that flows through the Fabric Interconnect from all
servers attached to it, while upgrading the system. The traffic will fail over to the peer Fabric Interconnect for fail over
vNICs. Before the traffic evacuation on a Fabric Interconnect, the user must acknowledge that replay on peer Fabric
Interconnect is completed and all vEths are up. Use the show interface virtual status command to check the vEth status
for respective veths from NXOS.
Before the traffic evacuation, you can check the traffic flowing through the Fabric Interconnect by viewing the Transmit
(Tx) and Receive (Rx) stats of Host Interfaces (HIFs). After the traffic evacuation, you can check the traffic flowing
through the Fabric Interconnect (FI) by viewing the Transmit (Tx) and Receive (Rx) stats of Network Interfaces (NIFs).
Note For Fabric Interconnect traffic evacuation to be functional, vNIC failover must be enabled in the LAN
Connectivity Policy
Step 5 On the Summary screen, verify the summary of the selected switches, the firmware version running on them, and the
firmware version to which they will be upgraded, and click Upgrade.
You can choose to change the firmware version by clicking Back.
Step 1 From the left navigation pane, click Servers, select a server, and perform an Upgrade Firmware action on it.
Note To upgrade more than one server, ensure that the selected servers are of the same model and management mode.
Following are examples of valid selections:
• One or more B200 M5 servers
• One or more C220 M5 servers
Step 5 On the Summary screen, verify the summary of the selected servers, the firmware version running on them, and the
firmware version to which they will be upgraded.
You can choose to change the configuration by clicking Back.
The firmware upgrade workflow begins. You can check the status of the upgrade workflow in the Execution Flow pane.
Acknowledge any messages in the Execution Flow pane and click Continue to proceed with the upgrade.
Important • Tech Support diagnostic files are generated locally at the endpoints and you cannot access them at any
point. Intersight does not currently send any notifications about the Tech Support files or other case-related
activities.
• Connected TAC is available only for cases opened directly with Cisco TAC.
• For partner support cases Connected TAC works as expected only if:
• The partner opens a case on behalf of the Intersight user.
(Or)
• The partner has authorized Intersight users to open a case directly with Cisco TAC.
You can create a Cisco TAC Service Request (SR) directly from Intersight by launching Cisco Support Case
Manager for the following:
• HyperFlex Clusters from the table view and details view.
• IWE Clusters from the table view and details view.
• Servers from the table view and details view.
• Fabric Interconnects from the table view.
You can also open a Cisco TAC case from the Intersight Mobile App.
Before you open a case, please ensure that the following requirements are met:
• A valid service contract (entitlement) exists for the hardware.
• Your Cisco ID is associated with the service contract.
1. Select a HyperFlex Cluster, or a IWE Cluster, or a Server, or a Fabric Interconnect from the
corresponding table view and click the ellipsis (…) in the actions column on the right. You can also Open
a TAC Case from the Actions menu on the HyperFlex Cluster, or IWE Cluster, or the Server Details
page.
2. Select Open TAC Case. The Open a TAC Case window displays with the name and serial number of the
selected HyperFlex cluster or server or Fabric Interconnect.
3. Click Continue to launch Cisco Support Case Manager. On the Cisco Support Case Manager UI,
verify the auto-populated details of your case, add a description and a title for your TAC Case, and click
Submit.
For detailed information about the Proactive Support workflow, configuring the advanced options, and opting
out of proactive RMA, see Proactive RMA for Intersight Connected Devices.
For the requirements and benefits of proactive RMA, see Proactive Support Enable Through Intersight.
Note The Tech Support diagnostic file collection is not supported for unclaimed Intersight managed device.
To initiate the Tech Support diagnostic file collection for Intersight Managed FI attached devices, enter PID
and serial number of the device, and then choose Intersight Managed Domain as the platform type in the
Add Tech Support Bundle window.
The following table provides the combination of input that are required to initiate the Tech Support diagnostic
file collection.
For Intersight Managed FI Attached devices, Tech Support diagnostic file collection is supported on the
following endpoints:
• Blade BMC
• Blade adapter
• Blade chassis
• Fabric Interconnect
• IO modules
• Rack servers
• Rack server adapters
• Server Bundle