Catalyst 2960-X management port routing

Tibor Marchyn · ‎04-02-2017

Hi,

is there any way to define different default route (i.e. vrf) for catalyst 2960-X management port?

normally we used to have SVI for management as old switches didn't have dedicated management. Now we would like to keep it, but have also dedicated IP for emergency cases over VPN (i.e. central L3 switches crash, so we will connect over VPN to dedicated management VLAN which is directly attached on dedicated switch where are all management port from all switches just for this purpose).

ip default-gateway is normally used, but is it shared between dedicated management and SVI? cannot be specified something else there?

Thanks

Reza Sharifi · ‎04-02-2017

Hi,

Yes, for the dedicated management port, you need to define a default route within the mgmt vrf.

usually, it looks something like this:

ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 192.168.1.1

In this example, 192.168.1.1 is the IP address of the out of band management switch.

HTH

memento · ‎09-19-2018

Normally c2960x switches do not support vfr and they do not have their management interface ( FastEthernet0) placed into Mgmt vrf as that is usually done for routers. Because of that "vrf" option can't be used in "ip route" command. For me to make c2960x switch to start responding to the traffic from other network I had to add a command "ip route 0.0.0.0 0.0.0.0 x.x.x.x" (where x.x.x.x - defalut gateway for the network where switch's management interface Fa0 is). IP routing protocol was NOT ENABLED on the switch.

gshank · ‎09-28-2023

I know this post is 5 years old, but I just had this exact issue. Pretty frustrating as I wanted to use a default pointing to my directly connected ASA instead of the mgmt switch. I ended up putting in a second default route for my firewall and it seems to work ok I guess.