10-03-2018 11:08 AM
Hello everyone,
I have a setup where there are 2 hosts, hostA and hostB which are directly connected to mgmt ports of 2 n3k switches.
HostA is connected to mgmt port of switch1 and hostB is connected to mgmt port switch2.
Both of the mgmt ports have their address in the same subnet. I thought about adding a route in management vrf hoping that I could somehow use the mgmt ports directly to get from one to another, but it doesn't seem to work this way.
ip route 10.203.2.14/32 10.203.2.13/32 vrf management
% Next-hop cannot be local address in same or different vrf
Is there a way to route traffic from switch1 mgmt to switch2 mgmt, so that hostA and hostB both can access switch1 and switch2 somehow?
I know I can add an SVI and ssh there, but I would prefer not to, if that is possible.
Solved! Go to Solution.
10-04-2018 05:05 AM
A separate management VRF can be created to accomplish this using standard ports on the N3Ks. The built-in MGMT ports are as the other individual eluded to, only for simple OOB MGMT. They actually run on a separate control and data plane allocation from the rest of the the switch, as to ensure administrators could still have emergency access when issues on the traffic control and data plane existed that took down access. Unfortunately, this resource slim MGMT port has very limited functionality, it can have an IP and gateway.... You cannot do typical full routing, use if as a netflow source, or do other resource complex functions. Again, Cisco designed these specific interfaces for this simple functions intentionally, as to ensure they are there to be SSH'd into when you need them. Your requirement appears to require the creation of an alternative management VRF, using standard built-in ports, with all their functionality. The other option is that your MGMT interfaces' gateways be able to handle the routing needed to interconnect all network segments that you need.
Cheers,
P
10-03-2018 11:20 AM
10-04-2018 02:08 AM
An oob network, yes..
Here's a diagram, sorry if it is not very good:
In this case, if hostA goes up in flames, or is otherwise not functional, there would be no way to access switch1 (only the mgmt0 port is up and has an ip address, there are no SVI to ssh into).
But since the two switches are in a VPC domain, I was hoping I could get to the management port of one through the other..
10-04-2018 05:05 AM
A separate management VRF can be created to accomplish this using standard ports on the N3Ks. The built-in MGMT ports are as the other individual eluded to, only for simple OOB MGMT. They actually run on a separate control and data plane allocation from the rest of the the switch, as to ensure administrators could still have emergency access when issues on the traffic control and data plane existed that took down access. Unfortunately, this resource slim MGMT port has very limited functionality, it can have an IP and gateway.... You cannot do typical full routing, use if as a netflow source, or do other resource complex functions. Again, Cisco designed these specific interfaces for this simple functions intentionally, as to ensure they are there to be SSH'd into when you need them. Your requirement appears to require the creation of an alternative management VRF, using standard built-in ports, with all their functionality. The other option is that your MGMT interfaces' gateways be able to handle the routing needed to interconnect all network segments that you need.
Cheers,
P
10-04-2018 06:55 AM
10-09-2018 02:10 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide