Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
3
Replies

Stretch a network Management VLAN to a remote site

shubham-bhabad
Level 1
Level 1

‎11-18-2024 01:51 AM - last edited on ‎11-18-2024 03:09 AM by Community Manager

Below is the client requirement for that I have prepared proposed solution diagram in attached where both data and management vrf ingress and egress through same MPLS ISP by static route pointing to the next-hop IP addresses that are reachable through the MPLS tunnel.

shubhambhabad_0-1731923564809.png

ip route vrf Mgmt-intf <management_vlan_subnet> 255.255.255.0 <gateway_ip>
ip route vrf Data-intf <data_vlan_subnet> 255.255.255.0 <gateway_ip>

Please let us know any correction needs to be done to achieve the below client requirement. :-  What about the routes from 2 difference VRF?

 

 

R1 (the local router) and R2 (the remote router).

 

  1. In local router (R1), it’s management interface is routable to Management VLAN through a gateway of its management IP. This is the part we like your expertise on how to setup the remote router to have a IP within the same subnet as the Management Intf of R1, which is routable to Mangement VLAN.

The revise direction has to work as well. Meaning, the monitoring system in the Management VLAN, to the remote router having the IP within the same subnet as management IP of local router, has to reach the remote router.

 

R1

interface GigabitEthernet0

description -= Management Intf =-

vrf forwarding Mgmt-intf

ip address <masked>  255.255.255.0

negotiation auto

 

ip route vrf Mgmt-intf <masked>   255.255.255.255 <masked>  

 

  1. If you can refer the sh run of  R1 and R2, there are existing IPSEC tunnels between this pair of routers. There is no need to build new IPSec Tunnel from stretch.  For the requirement to have multiple IPSec Tunnel between a pair of routers. In our case, just 2 tunnels based on matching ACLs under “match address” .  We like to hear from you if this is even technically viable (can ask Cisco tech).
0 Helpful
3 Replies 3

Flavio Miranda
VIP
VIP

‎11-18-2024 02:43 AM - edited ‎11-18-2024 02:44 AM

@shubham-bhabad 

 The way I uderstood this, it will not work. I believe you need something similar to explained on this doc

Interface Gi0/0/2 seems to be part of Global routing table but you are trying to use it as gateway for MGMT VRF ?

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/ip-routing/b-ip-routing/m_iri-pbr-next-hop-verify-availability-for-vrf.html

 

0 Helpful

shubham-bhabad
Level 1
Level 1
In response to Flavio Miranda

‎11-18-2024 09:53 AM - edited ‎11-19-2024 08:38 PM

shubhambhabad_0-1731951996109.png

@Flavio Miranda As per this Diagram R1 is local router and R2 is remote router,

1) Between local and remote router 1 tunnel is already available for data traffic which is present in router R1,

2) Client want one more tunnel between Local and remote router for management traffic over same MPLS link. 

3) This management Vlan Subnet 192.168.1.0/24 remote router to have a IP within the same subnet as the Management Intf of R1

4) how to separate data and management traffic in R1 and forward in MPLS how to achieve this could you please help ?

0 Helpful

MHM Cisco World
VIP
VIP

‎11-20-2024 06:14 AM

can you more elaborate

MHM

 

0 Helpful
Customers Also Viewed These Support Documents