Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
1
Replies

Efficient Management Addressing?

ictciscosmart@aberdeenshire
Level 1
Level 1

‎04-11-2019 08:19 AM

Hi,

 

I've got three management addresses on each L3 device on my network.  

How could I simplify this?

What's the most elegant way of setting up management addressing?

 

This is what I'm doing now:

It is good practice to put your L3 management addresses on loopback interfaces - which are always up as long as that item of equipment is functioning.

 

To monitor our WAN, of about 400 sites, we have one ‘management address per site' which is separate from the edge-customer traffic, which can be polled by monitoring tools, which could easily represent the SLA compliance or otherwise of our WAN suppliers.

That consumes 2 x ‘C’ class address ranges and is good for 2 x 254 = 508 sites

Those addresses should appear on the Lo0  interfaces of the routers or L3-switches which serve as L3-gateways across our network.

Those addresses are e.g 10.253.0.xxx/24 and 10.254.0.xxx/24, so one particular site in the south of our WAN would have this address: 

10.253.0.88  ANYTOWN-RTR1-Lo0  # Lo0  WAN management address on Cisco WS-3650-24PS

 

And those addresses aren't summarized in the routing table.

 

But we also need to monitor and manage all the network devices within each site.  Now, since the router or L3 switch is always on the LAN, we should be able to deprecate the addressing for ‘one management address per site’.  But we can’t. Because, if you give the first address in the subnet to your router but put it on a loopback interface, then it can’t act as the gateway to the rest of that subnet.  So you won’t be able to monitor and manage your physical L2 switches or the L2 wireless access points which are the rest of that subnet. So the L3 device has to have TWO management addresses.

e.g. 

10.251.xxx.0/24 for LAN management in the south, 10.252.xxx.0/24 for LAN management in the north

 

Since our WAN provider are offering SLAs on those WAN links for us, they need a management address as well, fenced off by different security ACLs.  So that’s 3 @ IP addresses per router just for management.  Which is naturally confusing for every new hire we get.

e.g. 

10.250.0.xxx/24 for exterior monitoring on Lo1 in the south, 10.251.0.xxx/24 for exterior provider monitoring on Lo1 in the North.

 

So ANYTOWN-RTR1 has 

 

10.250.0.88  ANYTOWN-RTR1-Lo1  # Lo1 External Contractor management address on Cisco WS-3650-24PS

10.251.88.1  ANYTOWN-RTR1-v201  # Vlan201 LAN Management address on  Cisco WS-3650-24PS

10.253.0.88  ANYTOWN-RTR1-Lo0  # Lo0  WAN management address on Cisco WS-3650-24PS

 

And that's a lot of config and router table entries just for management.

 

Surely there must be an easier way of getting the same result?

Labels:
0 Helpful
1 Reply 1

ThomasBurton
Level 1
Level 1

‎04-20-2019 05:04 AM

For companies hoping to develop from yearly appraisals to a more continuous performance management process, we propose staging it in bit by bit. Begin with a mid-year registration alongside casual criticism, Write My Essay at that point move to quarterly.

0 Helpful
Customers Also Viewed These Support Documents