Access to Out-of-band and In-Band Management

vutuan777 · ‎02-22-2019

Hi,

In the Cisco APIC Basic Configuration Guide, Cisco said that: "The APIC controller always selects the in-band management interface over the out-of-band management interface, if the in-band management interface is configured. The out-of-band management interface is used only when the in-band management interface is not configured or if the destination address is on the same subnet as the out-of-band management subnet of the APIC. This behavior cannot be changed or reconfigured"

.

As i understand, if i configure in-band management, i can only access to APIC via out-of-band interface if my PC is on same subnet as the out-of-band management subnet. Is it correct !?

Jayesh Singh · ‎02-22-2019

Hi Vutuan,

There are 2 ways APIC can communicate with the outside world via in-band mgmt or oob-mgmt access.

The mgmt address provided at the time of APIC initial bringup is the out of band mgmt IP which goes on the LAN-on-Motherboard port (2xEthernet Ports). In-Band mgmt is provided via leaf switches through data network.

When in-band management is set up, the APIC always prefers in-band for any traffic sourced from the APIC. Out-of-band is still accessible for devices that are sending requests to the out-of-band address specifically.

In one of my setup I have both mgmt connectivity configured and I am able to access devices via OOB IP from any network which has IP reachability to OOB segment.

Also, with APIC 2.1(1x), you can set a global toggle between In-band and out-of-band as the default management connectivity between the APIC server and other external management devices.

I would recommend two docs for you that would help:

1. Toggle feature for inb and oob mgmt preference

2. Refer to In-band and Out-of-band management section

Regards,

Jayesh

***Rate all helpful posts. Mark it as a solution if it answers your query, that would help other users who have the same query.***

vutuan777 · ‎02-22-2019

Hi Jayesh Singh,

I'm testing on my lab.

I have configured both in-band and out-of-band management.

Because i confuse what the Cisco documentation said, so I already changed Connectivity Preferences to oob.

I also add subnet will be used to manage, when configure External Management Entity Instance (Out-of-Band contract), is 0.0.0.0/0

But from APIC oob, i just can ping the gateway (Cat3850_01), can't ping the next hop (Cat3850_02); and of course Cat3850_02 can't ping APIC oob

My topology is very simple: APIC oob <==> Cat3850_01 <==> Cat3850_02.

Jayesh Singh · ‎02-22-2019

That shouldn't be the case if routing is fine on your 3850s. Hope you have the reverse route on 3850_02 for the APIC.

You should try with laptops connected to this setup for verification.

Regards,

Jayesh

vutuan777 · ‎02-22-2019

Hi Jayesh Singh,

I also think the problem lies in routing, but also need someone help clear about access to both in-band and out-of-band interface.

I am not authorized to access the Cat3850, must to wait for answer from the infrastructure team.

Jayesh Singh · ‎02-22-2019

Refer to my first post... That how it works.

Also, have shared links for aci best practice guide where it is documented.