- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2018 11:08 AM
Hello everyone,
I have a setup where there are 2 hosts, hostA and hostB which are directly connected to mgmt ports of 2 n3k switches.
HostA is connected to mgmt port of switch1 and hostB is connected to mgmt port switch2.
Both of the mgmt ports have their address in the same subnet. I thought about adding a route in management vrf hoping that I could somehow use the mgmt ports directly to get from one to another, but it doesn't seem to work this way.
ip route 10.203.2.14/32 10.203.2.13/32 vrf management
% Next-hop cannot be local address in same or different vrf
Is there a way to route traffic from switch1 mgmt to switch2 mgmt, so that hostA and hostB both can access switch1 and switch2 somehow?
I know I can add an SVI and ssh there, but I would prefer not to, if that is possible.
Solved! Go to Solution.
- Labels:
-
Other Routing
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2018 05:05 AM
A separate management VRF can be created to accomplish this using standard ports on the N3Ks. The built-in MGMT ports are as the other individual eluded to, only for simple OOB MGMT. They actually run on a separate control and data plane allocation from the rest of the the switch, as to ensure administrators could still have emergency access when issues on the traffic control and data plane existed that took down access. Unfortunately, this resource slim MGMT port has very limited functionality, it can have an IP and gateway.... You cannot do typical full routing, use if as a netflow source, or do other resource complex functions. Again, Cisco designed these specific interfaces for this simple functions intentionally, as to ensure they are there to be SSH'd into when you need them. Your requirement appears to require the creation of an alternative management VRF, using standard built-in ports, with all their functionality. The other option is that your MGMT interfaces' gateways be able to handle the routing needed to interconnect all network segments that you need.
Cheers,
P
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2018 11:20 AM
Please share your topology and requirement and will be able to suggest you the best approach
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2018 02:08 AM
An oob network, yes..
Here's a diagram, sorry if it is not very good:
In this case, if hostA goes up in flames, or is otherwise not functional, there would be no way to access switch1 (only the mgmt0 port is up and has an ip address, there are no SVI to ssh into).
But since the two switches are in a VPC domain, I was hoping I could get to the management port of one through the other..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2018 05:05 AM
A separate management VRF can be created to accomplish this using standard ports on the N3Ks. The built-in MGMT ports are as the other individual eluded to, only for simple OOB MGMT. They actually run on a separate control and data plane allocation from the rest of the the switch, as to ensure administrators could still have emergency access when issues on the traffic control and data plane existed that took down access. Unfortunately, this resource slim MGMT port has very limited functionality, it can have an IP and gateway.... You cannot do typical full routing, use if as a netflow source, or do other resource complex functions. Again, Cisco designed these specific interfaces for this simple functions intentionally, as to ensure they are there to be SSH'd into when you need them. Your requirement appears to require the creation of an alternative management VRF, using standard built-in ports, with all their functionality. The other option is that your MGMT interfaces' gateways be able to handle the routing needed to interconnect all network segments that you need.
Cheers,
P
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2018 06:55 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2018 02:10 AM
I guess I'll just keep it as it is. Anything else will just add to complexity, and there is always an option to just change the (outlying) cables in case something goes wrong.
