Re: Stackwise virtual management interface subnet disparity

hrtendrup · ‎06-12-2023

I have a pair of Catalyst 9500 chassis in different IDF rooms. I have logically paired them into a single chassis with stackwise-virtual configs. My issue is that the local management subnets are not extended between the two rooms, what is the conventional way to apply a different IP config to the management interfaces based on which VS member is active? Might also need to update a default route for the Mgmt-vrf, but that might be kluged around by just having 2 0/0 routes pointing to two different gateways and let the switch figure out which one to install based on ARP.

In this example: I'd want gig0/0 on the left to have an ip address of 192.168.10.10/24 when it's the active stackwise member and then gig0/0 on the right to have 192.168.20.10/24 after a switchover.

Another possible solution might be to apply both addresses to gig0/0, one as a secondary, but in that case the 0/0 route would have to be updated as these switched over. So far, I haven't found a suggested way to do this. I'm thinking an EEM script? Possibly some IPSLA next-hop tracker? This feels like I'm making this harder than it needs to be.

Thoughts?

M02@rt37 · ‎06-12-2023

Hello @hrtendrup,

In a stackwise-virtual setup, the management IP address is associated with the virtual switch rather than individual physical switches. The management IP address is configured on the virtual switch and remains the same regardless of the active member in the stack.

If you require separate management IP addresses for each physical switch in different IDF rooms, you may need to consider alternative solutions such as using separate VLANs for management or configuring management access through a separate management network.

Or, you can utilize EEM to dynamically change the management IP address or perform other actions based on events or conditions.

To achieve your desired outcome of changing the management IP address based on the active stackwise-virtual member, you can write an EEM script that detects a switchover event and updates the management IP address accordingly.

Create an EEM applet that triggers on the switchover event. You can use the event "sys-ha-switchover" to detect a stackwise-virtual switchover. Use the appropriate EEM actions to change the management IP address. This can include configuring the interface IP address or modifying a loopback interface used for management.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

hrtendrup · ‎06-12-2023

Thank you. I had been working on an EEM applet but in the course of writing/testing/debugging, I thought it might be worthwhile posting about it because I can't be the first person to have run into this. Thank you for your insight.

MHM Cisco World · ‎06-12-2023

Sorry you want to to access both SW via two differet mgmt IP?

hrtendrup · ‎06-12-2023

Only the active SW member will respond to mgmt interface. Since they are in different locations, the same mgmt subnet isn't available, so there needs to be some dynamic way to reconfigure the interface based on which member is active. I think EEM will be the only way to automate those changes on the fly. I was posting in hopes that someone had either come up with some novel solution to this issue without having to rely on EEM or there was a de facto standard EEM applet that has been published and people just started using.

MHM Cisco World · ‎06-12-2023

I get issue I will looking for solution update you soon.

Thanks

MHM

hrtendrup · ‎06-12-2023

Going to try this, I'll report back with results (if I can find a non-prod pair of 9500s to muck with):

event manager applet MGMT_IFACE_SSO_RECONFIG
event syslog pattern "HA-6-SWITCHOVER"
action 010 set IP1 "192.168.10.10"
action 020 set MASK1 "255.255.255.0"
action 030 set DGW1 "192.168.10.1"
action 040 set IP2 "192.168.20.10"
action 050 set MASK2 "255.255.255.0"
action 060 set DGW2 "192.168.20.1"
action 070 set MVRF "Mgmt-vrf"
action 080 set MIFACE "GigabitEthernet0/0"
!
action 090 cli command "enable"
action 100 cli command "show switch"
action 110 regexp "([0-9]+) +Active" "$_cli_result" MATCH ACT_SW
!
action 120 if $ACT_SW eq "1"
action 125 syslog msg "Switch 1 active"
action 130 set IP $IP1
action 140 set MASK $MASK1
action 150 set DGW $DGW1
action 160 elseif $ACT_SW eq "2"
action 165 syslog msg "Switch 2 active"
action 170 set IP $IP2
action 180 set MASK $MASK2
action 190 set DGW $DGW2
action 200 else
action 205 syslog msg "Unknown switch active, aborting"
action 210 exit
action 220 end
!
action 230 cli command "configure terminal"
action 240 cli command "interface $MIFACE"
action 250 cli command "ip interface $IP $MASK"
action 260 cli command "no shutdown"
action 270 cli command "exit"
action 280 cli command "no ip route vrf $MVRF 0.0.0.0 0.0.0.0 $DGW1"
action 290 cli command "no ip route vrf $MVRF 0.0.0.0 0.0.0.0 $DGW2"
action 300 cli command "ip route vrf $MVRF 0.0.0.0 0.0.0.0 $DGW"
action 310 cli command "end"
action 320 cli command "copy running-config startup-config"
action 330 cli command ""
action 340 cli command ""