06-20-2021 06:53 AM - edited 06-20-2021 11:19 PM
Hello,
I've followed the following instructions for setting up MGMT access directly towards the hosts in my network simulation: https://developer.cisco.com/docs/modeling-labs/#!external-connectivity-for-simulations
The external connector is configured as a bridge and hosts in my lab get a DHCP address on the 192.168.255.x/24 network but are unreachable from the other VLANs in the same site. I've routed 192.168.255.0/24 towards the CML host in the firewall and traffic is allowed.
C:\Users\Jacob Åkerblom>ping 192.168.255.217

Pinging 192.168.255.217 with 32 bytes of data:
Reply from 10.182.3.20: Destination port unreachable.
Reply from 10.182.3.20: Destination port unreachable.
Reply from 10.182.3.20: Destination port unreachable.
Reply from 10.182.3.20: Destination port unreachable.

Ping statistics for 192.168.255.217:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Where 192.168.255.217 is the DHCP-leased address of the Management interface of a host in the network simulation and 10.182.3.20 is the host running CML. From the host in the network simulation I am able to reach the gateway of the CML host with IP 192.168.255.1.
Spine-01#show run interfaces management 1
interface Management1
   vrf MGMT
   ip address dhcp
Spine-01#show ip int bri
Address
Interface       IP Address            Status     Protocol     MTU       Owner
--------------  --------------------  ---------  -----------  --------  -------
Ethernet1       10.0.1.0/31           up         up           9214
Ethernet2       10.0.1.2/31           up         up           9214
Ethernet3       10.0.1.4/31           up         up           9214
Ethernet4       10.0.1.6/31           up         up           9214
Loopback0       10.0.250.1/32         up         up           65535
Management1     192.168.255.217/24    up         up           1500
Spine-01#
Spine-01#show ip route vrf MGMT

VRF: MGMT
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

Gateway of last resort:
 S        0.0.0.0/0 [1/0] via 192.168.255.1, Management1

 C        192.168.255.0/24 is directly connected, Management1

Spine-01#ping vrf MGMT 192.168.255.1
PING 192.168.255.1 (192.168.255.1) 72(100) bytes of data.
80 bytes from 192.168.255.1: icmp_seq=1 ttl=64 time=0.590 ms
80 bytes from 192.168.255.1: icmp_seq=2 ttl=64 time=0.421 ms
80 bytes from 192.168.255.1: icmp_seq=3 ttl=64 time=0.388 ms
80 bytes from 192.168.255.1: icmp_seq=4 ttl=64 time=0.373 ms
80 bytes from 192.168.255.1: icmp_seq=5 ttl=64 time=0.216 ms

--- 192.168.255.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 0.216/0.397/0.590/0.121 ms, ipg/ewma 1.899/0.486 ms
Spine-01#ping vrf MGMT 10.182.3.20
PING 10.182.3.20 (10.182.3.20) 72(100) bytes of data.
80 bytes from 10.182.3.20: icmp_seq=1 ttl=64 time=0.589 ms
80 bytes from 10.182.3.20: icmp_seq=2 ttl=64 time=0.376 ms
80 bytes from 10.182.3.20: icmp_seq=3 ttl=64 time=0.359 ms
80 bytes from 10.182.3.20: icmp_seq=4 ttl=64 time=0.267 ms
80 bytes from 10.182.3.20: icmp_seq=5 ttl=64 time=0.368 ms

--- 10.182.3.20 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 0.267/0.391/0.589/0.109 ms, ipg/ewma 1.766/0.486 ms
Spine-01#ping vrf MGMT 10.182.3.1
PING 10.182.3.1 (10.182.3.1) 72(100) bytes of data.

--- 10.182.3.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 41ms
Spine-01#
06-20-2021 10:43 AM
From outside to a host behind the router "with NAT", and this host gets its IP from DHCP?
You need 1:1 NAT if you want to access the host from outside, and the host must get the same IP from DHCP, otherwise the 1:1 NAT does not work.
06-20-2021 11:18 PM
Hello!
The connection I am trying to make is from another VLAN in the same site, not from the internet. I have updated the post to clarify this!
Best regards, Jacob
06-23-2021 09:47 AM
Managed to resolve the issue. Our installation of CML came with the firewall enabled by default. By disabling the firewall on the CML CentOS host with "sudo systemctl stop firewalld" I was able to log in to my devices through the external connection.
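An added example, not part of the original thread: the Windows ping in the question reports "Lost = 0 (0% loss)" even though every reply is an ICMP error sent by 10.182.3.20 rather than by the target. The sketch below separates real echo replies from such errors and names the sender, which is the hop whose filtering needs inspecting (here the CML host). The sample inputs are constructed from the output in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed input: the ping output from the question, line breaks restored.
BLOCKED = """\
Pinging 192.168.255.217 with 32 bytes of data:
Reply from 10.182.3.20: Destination port unreachable.
Reply from 10.182.3.20: Destination port unreachable.
Reply from 10.182.3.20: Destination port unreachable.
Reply from 10.182.3.20: Destination port unreachable.
Ping statistics for 192.168.255.217:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
# Constructed input: a genuine echo reply line, for contrast.
WORKING = """\
Pinging 192.168.255.217 with 32 bytes of data:
Reply from 192.168.255.217: bytes=32 time<1ms TTL=64
"""

TARGET_RE = re.compile(r"^Pinging (?:\S+ \[)?([0-9.]+)\]? with", re.M)
REPLY_RE = re.compile(r"^Reply from ([0-9.]+): (.+?)\.?\s*$", re.M)

def analyze_ping(text):
    """Separate real echo replies from ICMP errors sent by another host."""
    m = TARGET_RE.search(text)
    if m is None:
        raise ValueError("no 'Pinging <address>' line found")
    target = m.group(1)
    echo_replies = 0
    errors = {}  # sender address -> Counter of error messages
    for sender, message in REPLY_RE.findall(text):
        if sender == target and message.startswith("bytes="):
            echo_replies += 1  # a true echo reply from the pinged address
        else:
            errors.setdefault(sender, Counter())[message] += 1
    return {"target": target, "echo_replies": echo_replies,
            "reachable": echo_replies > 0,
            "errors": {h: dict(c) for h, c in errors.items()}}

def verdict(text):
    """One-line summary that ignores the misleading 'Lost = 0' statistic."""
    r = analyze_ping(text)
    if r["reachable"]:
        return f"{r['target']} answered {r['echo_replies']} echo request(s)"
    if r["errors"]:
        hosts = ", ".join(sorted(r["errors"]))
        return f"{r['target']} not reached; ICMP errors came from {hosts}"
    return f"{r['target']} did not answer"
```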