04-02-2017 03:21 AM - edited 03-05-2019 08:17 AM
Hi,
is there any way to define different default route (i.e. vrf) for catalyst 2960-X management port?
normally we used to have SVI for management as old switches didn't have dedicated management. Now we would like to keep it, but have also dedicated IP for emergency cases over VPN (i.e. central L3 switches crash, so we will connect over VPN to dedicated management VLAN which is directly attached on dedicated switch where are all management port from all switches just for this purpose).
ip default-gateway is normally used, but is it shared between dedicated management and SVI? cannot be specified something else there?
Thanks
04-02-2017 06:27 PM
Hi,
Yes, for the dedicated management port, you need to define a default route within the mgmt vrf.
usually, it looks something like this:
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 192.168.1.1
In this example, 192.168.1.1 is the IP address of the out of band management switch.
HTH
09-19-2018 10:17 AM
Normally c2960x switches do not support vfr and they do not have their management interface ( FastEthernet0) placed into Mgmt vrf as that is usually done for routers. Because of that "vrf" option can't be used in "ip route" command. For me to make c2960x switch to start responding to the traffic from other network I had to add a command "ip route 0.0.0.0 0.0.0.0 x.x.x.x" (where x.x.x.x - defalut gateway for the network where switch's management interface Fa0 is). IP routing protocol was NOT ENABLED on the switch.
09-28-2023 09:52 AM
I know this post is 5 years old, but I just had this exact issue. Pretty frustrating as I wanted to use a default pointing to my directly connected ASA instead of the mgmt switch. I ended up putting in a second default route for my firewall and it seems to work ok I guess.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide