Additional Endpoints in In-Band-Mgmt BD

julian.bendix
Level 3

Hey all  

I am trying something that is maybe a bit strange, but it would save me an L3Out and assigning some additional subnets.

I have a Nexus Dashboard and a very small ACI fabric (no other Nexus switches anywhere) and subnets as well as additional links for additional L3Outs are in short supply.
Since the Nexus Dashboard (Data Ports) will never have to communicate with anything other than the In-Band IPs of the small fabric... a quick idea I had was to move them into the In-Band Management BD.

It is possible to manually create EPGs in the mgmt Tenant and assign those EPGs to the inb BD.
I did that .. moved the data ports to my new EPG and they can flawlessly ping each other (with IPs within the Subnet of the inb BD).
They can also ping the gateway (IP of the inb BD).

However I fail to establish reachability between the In-Band IPs of the Fabric and the Nexus Dashboard.
I added a contract between my EPG and the In-Band-Management-EPG allowing all traffic.

Any ideas?

Thanks a lot and BR
Jules


AshSe
VIP

Hey Julian, 

It sounds like you've made significant progress in configuring your Nexus Dashboard and ACI fabric, but you're encountering issues with reachability between the In-Band IPs of the fabric and the Nexus Dashboard. Here are some steps and considerations to help troubleshoot and resolve the issue:

  1. Verify Contract Configuration:
    1. Ensure that the contract you created between your custom EPG and the In-Band Management EPG is correctly configured. The contract should allow all necessary traffic (e.g., ICMP, TCP, UDP) between the two EPGs.
    2. Double-check that the contract is applied correctly and that there are no filters inadvertently blocking traffic.
  2. Check EPG Association:
    1. Confirm that the Nexus Dashboard data ports are correctly associated with the new EPG you created in the In-Band Management BD.
    2. Verify that the In-Band Management EPG includes the In-Band IPs of the fabric.
  3. Subnet Configuration:
    1. Ensure that the subnet configuration for the In-Band Management BD is correct and that the IP addresses assigned to the Nexus Dashboard and the fabric In-Band IPs are within the same subnet.
    2. Verify that the subnet is correctly advertised and that there are no overlapping subnets causing routing issues.
  4. In-Band Management Configuration:
    1. Check the In-Band Management configuration on the ACI fabric to ensure that it is correctly set up to allow communication with the Nexus Dashboard.
    2. Verify that the In-Band Management IP addresses are correctly configured on the APICs and leaf switches.
  5. Routing and Default Gateway:
    1. Ensure that the default gateway for the Nexus Dashboard data ports is set to the IP address of the In-Band Management BD.
    2. Verify that the routing table on the Nexus Dashboard includes a route to the In-Band Management subnet.
  6. Policy Enforcement:
    1. Check if policy enforcement is enabled on the ACI fabric and ensure that the necessary policies are in place to allow communication between the EPGs.
    2. If policy enforcement is disabled, ensure that there are no other configurations or settings blocking the traffic.
  7. APIC and Switch Logs:
    1. Review the logs on the APICs and leaf switches for any errors or warnings related to In-Band Management or EPG communication.
    2. Look for any dropped packets or denied traffic that might indicate a configuration issue.
  8. Nexus Dashboard Configuration:
    1. Verify the network configuration on the Nexus Dashboard to ensure that it is correctly set up to use the In-Band Management subnet.
    2. Check for any firewall or security settings on the Nexus Dashboard that might be blocking the traffic.
  9. Testing and Verification:
    1. Use tools like ping and traceroute from both the Nexus Dashboard and the ACI fabric to test connectivity and identify where the traffic is being blocked.
    2. Perform packet captures on the relevant interfaces to see if the traffic is being sent and received correctly.

If you have gone through these steps and still cannot establish reachability, it may be helpful to contact Cisco TAC (Technical Assistance Center) for further assistance. They can provide more specific troubleshooting steps and help identify any potential issues with your configuration.

 

Happy troubleshooting!!

AshSe

Please rate this post if it was helpful; your feedback is appreciated!
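
Checklist items 1 and 2 in the reply above (contract direction and EPG-to-BD association) can be checked offline against an export of the two EPG objects. The sketch below is an added example, not part of either post and not Cisco code; the class and attribute names follow the APIC object model, while the EPG name `nd-data`, the contract name `nd-inb-any` and the JSON itself are constructed sample data.

```python
# Added example. The two objects below are constructed sample data shaped like
# APIC REST JSON; the names "nd-data" and "nd-inb-any" are made up.
ND_EPG = {"fvAEPg": {"attributes": {"name": "nd-data"}, "children": [
    {"fvRsBd": {"attributes": {"tnFvBDName": "inb"}}},
    {"fvRsCons": {"attributes": {"tnVzBrCPName": "nd-inb-any"}}}]}}
INB_EPG = {"mgmtInB": {"attributes": {"name": "default"}, "children": [
    {"mgmtRsMgmtBD": {"attributes": {"tnFvBDName": "inb"}}},
    {"fvRsProv": {"attributes": {"tnVzBrCPName": "nd-inb-any"}}}]}}

def _rels(mo, cls):
    """Attribute dicts of every child of class `cls` under a single managed object."""
    body = next(iter(mo.values()))
    return [c[cls]["attributes"] for c in body.get("children", []) if cls in c]

def contracts(mo, cls):
    """Contract names referenced through fvRsProv or fvRsCons."""
    return {r["tnVzBrCPName"] for r in _rels(mo, cls)}

def bridge_domain(mo):
    """BD name: fvAEPg binds through fvRsBd, the in-band EPG through mgmtRsMgmtBD."""
    for cls in ("fvRsBd", "mgmtRsMgmtBD"):
        for rel in _rels(mo, cls):
            return rel["tnFvBDName"]
    return None

def check_pair(a, b):
    """Compare two EPGs: same BD, and contracts provided on one side and consumed on the other."""
    matched = (contracts(a, "fvRsCons") & contracts(b, "fvRsProv")) | \
              (contracts(b, "fvRsCons") & contracts(a, "fvRsProv"))
    referenced = set()
    for mo in (a, b):
        referenced |= contracts(mo, "fvRsProv") | contracts(mo, "fvRsCons")
    return {
        "same_bd": bridge_domain(a) is not None and bridge_domain(a) == bridge_domain(b),
        "matched": sorted(matched),
        # Referenced by at least one EPG but lacking a provider/consumer pair between the two.
        "unmatched": sorted(referenced - matched),
    }

if __name__ == "__main__":
    print(check_pair(ND_EPG, INB_EPG))
```

A clean result only shows that the configured relations line up; it says nothing about whether the policy is actually programmed on the leaf switches.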
