Enabling IPFIX via vRealize Network Insight 5.x results in conflicting errors in vCenter
search cancel

Enabling IPFIX via vRealize Network Insight 5.x results in conflicting errors in vCenter

book

Article ID: 312961

calendar_today

Updated On:

Products

VMware Aria Operations for Networks

Issue/Introduction

Symptoms:
  • vRealize Network Insight is version 5.0 or 5.1.
  • IPFIX has been enabled through the vRealize Network Insight data source.
  • The DVPG in vCenter reports an error similar to:
The operation will violate policy securityPolicyOverrideAllowed specified in portgroup.policy. Port 172 has a conflicting setting.
  • The DVPG is associated to an NSX Edge device.


Environment

VMware vRealize Network Insight 5.x

Cause

While updating the policy of DVPGs that are associated with NSX edges, we are setting the IpfixOverrideAllowed (Netflow) option as required but disabling VLAN and Uplink teaming Policy settings, irrespective of their earlier value.
This causes conflicting settings.

Resolution

This issue will be resolved in a future release of vRealize Network Insight.

Workaround:
To workaround this issue, complete the following:
  1. Log into vRealize Network Insight as an administrative user.
  2. Navigate to Settings > Accounts and Data Sources.
  3. Edit the Data Source the target DVPG is located in.
  4. Uncheck Enable NetFlow (IPFIX) on this vCenter, then click Submit.
  5. Log into vCenter as an administrative user.
  6. Right-Click the target DVPG and click Edit Settings.
  7. Set the Uplink teaming, and Security policy options to Disabled.
  8. Set the VLAN option to Allowed and click Save.
  9. In vRealize Network Insight, edit the Data Source the target DVPG is located in.
  10. Check Enable NetFlow (IPFIX) on this vCenter, then click Submit.
  11. In vCenter, right-click the target DVPG and click Edit Settings.
  12. Set the Uplink teaming, Security policy, and VLAN options to their desired settings and click Save.


Powered by Wolken Software