
Configure Management Port ISR 4331

Elopower123
Level 1

Hi,

I'm trying to configure my ISR 4331 router. I'm configuring the management port to use it as the port connecting to my internal routers through iBGP. I have put an IP on the port and have connected a cable to it. But when I try to ping the IP I put on the port, it times out even though the interface is up.

When I do the sh run command I see "vrf forwarding Mgmt-intf" under the port.

Can someone please assist me on how to configure this so that I can use it as a normal port?


Giuseppe Larosa
Hall of Fame

Hello @Elopower123,

You cannot use the management port for iBGP and user traffic.

It can be used only for management.

If you use

ping vrf Mgmt-intf <ip-address>

you will be able to ping it, but there is no chance of having an iBGP session over it.

Use a subinterface on a standard interface for this.

Hope to help

Giuseppe

Hi Larosa,

Isn't there a way I can remove the interface from that vrf instance so that it functions as a normal interface?

Hi Larosa,

Could you explain more on how this subinterface would work exactly? I have three WAN connections to bring up and a LAN connection (i.e. the iBGP). And from everything you've said I seem to have only three ports.

(Hopefully Giuseppe won't mind if I answer your question first.)

Are you familiar with switch trunk ports? If so, a router port with subinterfaces is, more or less, their version of the same concept.

What you need to do is have some device on the other end of the router's port, the one with subinterfaces, logically have two (or more) links on the one physical link.

If you're using Ethernet for any of your WAN links, often the way this might be done is to have two or more of those links, and perhaps the LAN connection, connect to a local switch. Then on the switch, define a trunk port which connects to one of the router's ports. On the router, you define that port with subinterfaces, on each of which you normally use .Q encapsulation (to match the switch's trunk port VLANs also using .Q encapsulation).

On router:

interface g0/0
 !"native", i.e. untagged
 ip address x.x.x.x

interface g0/0.2
 !does not need to match interface ".#", but doing so is a good practice.
 encapsulation dot1Q 2
 ip address x.x.x.x

interface g0/0.33
 encapsulation dot1Q 33
 ip address x.x.x.x

Just like a switch's trunk port, since multiple logical links are sharing a physical port, keep in mind bandwidth usage.

BTW, it's also possible, I believe, to EtherChannel between the router and switch, while still supporting subinterfaces/trunk. This can help with sharing bandwidth "better" and provides some redundancy, at least at the physical port interface.

Joseph W. Doherty
Hall of Fame

I recall (???) some Cisco devices (of which later ones started to have the management port in its own VRF) allow you to change a management port's VRF assignment, but if so, that's really more to get the management port's IP into the global routing table.

As to using the management port as a "normal" port, I further recall (?) some routers allowed that, but some or all of those routers' management ports have very, very (very) low throughput capacity.

I.e. there's a good chance that even if you can get the management port to logically function like another routed port on the router, you'll find it cannot handle any real substantial traffic forwarding.

Elopower123
Level 1

Thanks for your replies, have found a workaround for the interface issue, but then another issue came up.

When my ISP advertised their full BGP table to us the router froze while receiving the routes, which was very weird. So I checked the memory using the "sh version" command and this is the output I got:

cisco ISR4331/K9 (1RU) processor with 1795999K/6147K bytes of memory.
Processor board ID FLM440932DC
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3207167K bytes of flash memory at bootflash:

I guess the physical memory is up to the 4GB as advertised, but I want to understand the different divisions of the memory as represented by the output and also which part or exactly how much of the memory is being used for the BGP routing.

Thanks.

Hello @Elopower123,

I'm afraid that you need to buy a feature license to use the whole 4GB memory or there is a service module installed using 2GB.

>> cisco ISR4331/K9 (1RU) processor with 1795999K/6147K bytes of memory.

>> 4194304K bytes of physical memory.

In some cases Cisco ships the branch router with full memory but then requires a license to use all of it.

But this should not be your case.

See

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/data_sheet-c78-732542.html

Hope to help

Giuseppe

Hi Larosa,

From the document in the link you sent the default functioning RAM is 4GB upgradeable to 16GB. I stand to be corrected but I believe this means that I should be able to use 4GB of RAM out of the box without any upgrade (just like the base throughput of 100Mbps) but then purchase a feature license if I want to upgrade it to a higher capacity.

Or am I mistaken about this?

Hello @Elopower123,

Your understanding is correct: you can upgrade to 8 or to 16 GB, but the base should be 4GB.

Hope to help

Giuseppe

Hi Larosa,

So in your opinion where do you think the issue may be coming from, and if you were to, how would you advise I proceed?

Thanks

Hi Larosa,

Also I checked the output of the sh version command again and I saw this:

"System returned to ROM by Critical software exception, check bootflash:crashinfo_RP_0 0_00_20150102-013231-WAT"

Could you please help on how I could investigate this further to gain more insight into what caused the router to freeze?

Thanks

Hello @Elopower123,

If you have a valid contract for the device you can open a ticket with Cisco TAC and submit the crash info file to them.

>> "System returned to ROM by Critical software exception, check bootflash:crashinfo_RP_0 0_00_20150102-013231-WAT"

Critical software exception is quite generic and it may mean different things:

a true software problem occurred during router operations

lack of free memory to allocate for BGP loading

even a hardware issue related to memory

By the way, if you have NTP enabled, is the time of the crash file 20150102?

Hope to help

Giuseppe

Hi Larosa,

If I'm not mistaken I guess a valid contract would have to mean that I got the device directly from Cisco, right?

Damoab
Level 1

Hello, you must be so careful using this interface. Have a look at the router Q&A:

https://community.cisco.com/t5/routing/configure-management-port-isr-4331/td-p/4182209

Q. What is the purpose of the GigabitEthernet0 on the Cisco 4000 Series?

A. The GigabitEthernet0 is the dedicated management port on the Cisco 4000 Series. This interface connects directly to the control-plane CPU and is ideal for managing the router through Telnet, Secure Shell (SSH) Protocol, Simple Network Management Protocol (SNMP), and other management protocols. It is also ideal for downloading software images, uploading logs, and connecting to other management devices such as RADIUS, Network Time Protocol (NTP), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and TACACS servers. This interface should never be used for forwarding normal data traffic through the system because every packet goes directly to the control-plane CPU, bypassing the platform data plane. Because of this sensitivity, G0 is in a dedicated Mgmt-Intf Virtual Route Forwarding (VRF) port by default. This setup prevents accidental routing mistakes that could cause data traffic to be routed to the management network.

IMHO it is not good to place ISP/LAN iBGP traffic on that interface, which will reach directly into the control-plane CPU. I'm fairly new to this, but maybe this traffic will bypass the data and forwarding plane before hitting the CPU; this does not sound nice to me in terms of a WAN link.
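
Added example, not part of the thread or of Cisco's documentation: a small configuration audit that flags the two conditions discussed above, GigabitEthernet0 taken out of the Mgmt-intf VRF and a routing process that references the management port. The sample configurations, addresses and AS number are constructed, and the stanza parsing assumes the usual indented running-config layout.

```python
MGMT_IF = "GigabitEthernet0"   # dedicated management port named in the Q&A
MGMT_VRF = "Mgmt-intf"         # VRF shown under the port in "sh run"

# Constructed sample configs (assumed values, not taken from the thread).
SAMPLE_BAD = """\
interface GigabitEthernet0
 ip address 10.0.0.1 255.255.255.0
!
router bgp 65001
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 update-source GigabitEthernet0
!
"""
SAMPLE_GOOD = """\
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.0.0.1 255.255.255.0
!
"""

def stanzas(config):
    """Map each top-level config line to the indented lines below it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line and not line[0].isspace() and line[0] != "!":
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line[:1].isspace() and line.strip() not in ("", "!"):
            current.append(line.strip())
    return blocks

def audit(config):
    """Return findings about data-plane use of the management port."""
    findings = []
    blocks = stanzas(config)
    mgmt = blocks.get(f"interface {MGMT_IF}")
    if mgmt is not None and f"vrf forwarding {MGMT_VRF}" not in mgmt:
        findings.append(f"{MGMT_IF} is not in VRF {MGMT_VRF}")
    for header, lines in blocks.items():
        if not header.startswith("router "):
            continue
        for line in lines:
            if MGMT_IF in line.split():  # exact token, so Gi0/0/0 does not match
                findings.append(f"{header}: '{line}' references {MGMT_IF}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print(finding)
```
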

 

 
