I've got three management addresses on each L3 device on my network.
How could I simplify this?
What's the most elegant way of setting up management addressing?
This is what I'm doing now:
It is good practice to put your L3 management addresses on loopback interfaces - which are always up as long as that item of equipment is functioning.
To monitor our WAN, of about 400 sites, we have one ‘management address per site’ which is separate from the edge-customer traffic, which can be polled by monitoring tools, which could easily represent the SLA compliance or otherwise of our WAN suppliers.
That consumes 2 x ‘C’ class address ranges and is good for 2 x 254 = 508 sites.
Those addresses should appear on the Lo0 interfaces of the routers or L3-switches which serve as L3-gateways across our network.
Those addresses are e.g. 10.253.0.xxx/24 and 10.254.0.xxx/24, so one particular site in the south of our WAN would have this address:
10.253.0.88 ANYTOWN-RTR1-Lo0 # Lo0 WAN management address on Cisco WS-3650-24PS
And those addresses aren't summarized in the routing table.
But we also need to monitor and manage all the network devices within each site. Now, since the router or L3 switch is always on the LAN, we should be able to deprecate the addressing for ‘one management address per site’. But we can’t. Because, if you give the first address in the subnet to your router but put it on a loopback interface, then it can’t act as the gateway to the rest of that subnet. So you won’t be able to monitor and manage your physical L2 switches or the L2 wireless access points which are the rest of that subnet. So the L3 device has to have TWO management addresses.
10.251.xxx.0/24 for LAN management in the south, 10.252.xxx.0/24 for LAN management in the north
Since our WAN provider are offering SLAs on those WAN links for us, they need a management address as well, fenced off by different security ACLs. So that’s 3 @ IP addresses per router just for management. Which is naturally confusing for every new hire we get.
10.250.0.xxx/24 for exterior monitoring on Lo1 in the south, 10.251.0.xxx/24 for exterior provider monitoring on Lo1 in the north.
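Added example (not part of the original post): a short Python check that derives the three management addresses for a site from the ranges quoted above and tests whether the three management planes can be told apart by prefix alone, which is what per-plane ACLs rely on. Reading the LAN ranges as a /16 carved into one /24 per site, and 10.254.0.0/24 as the northern Lo0 range, are assumptions; the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Pools as written in the post. Assumptions: each LAN range is a /16 split
# into one /24 per site, and 10.254.0.0/24 is the northern Lo0 range.
POOLS = {
    ("wan-lo0", "south"): "10.253.0.0/24",
    ("wan-lo0", "north"): "10.254.0.0/24",
    ("lan-mgmt", "south"): "10.251.0.0/16",
    ("lan-mgmt", "north"): "10.252.0.0/16",
    ("provider-lo1", "south"): "10.250.0.0/24",
    ("provider-lo1", "north"): "10.251.0.0/24",
}
NETS = {key: ipaddress.ip_network(cidr) for key, cidr in POOLS.items()}


def overlapping_pools():
    """Return pairs of pools that share address space (ACLs cannot separate them)."""
    return [(a, b) for a, b in combinations(sorted(NETS), 2)
            if NETS[a].overlaps(NETS[b])]


def site_plan(region, site_id):
    """Return the three management addresses of one L3 device (site_id 1..254)."""
    if not 1 <= site_id <= 254:
        raise ValueError("site_id must be in 1..254")
    lan = list(NETS[("lan-mgmt", region)].subnets(new_prefix=24))[site_id]
    return {
        # Loopback polled by internal monitoring tools
        "wan-lo0": NETS[("wan-lo0", region)].network_address + site_id,
        # First address of the site's LAN management subnet, on a routed interface
        "lan-gateway": lan.network_address + 1,
        # Loopback exposed to the WAN provider's monitoring
        "provider-lo1": NETS[("provider-lo1", region)].network_address + site_id,
    }


def classify(addr):
    """List every pool a prefix-based ACL entry would match for this address."""
    ip = ipaddress.ip_address(addr)
    return [key for key in sorted(NETS) if ip in NETS[key]]


if __name__ == "__main__":
    print(site_plan("south", 88))
    print(overlapping_pools())
```

With the ranges exactly as typed in the post, `overlapping_pools()` reports that the northern provider Lo1 range sits inside the southern LAN management range, so an ACL entry written against 10.251.0.0/16 would also match provider-facing loopbacks.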