Solved: Nexus 4001i vrf NXOS mgmt1

ArrowSIVAC · ‎12-05-2011

Environment:

IBM BCH Chassis

CISCO Nexus 4001i switch bay 7

Goal:

Download latest version of NXOS to system.

Issue. I do not have any more 100Mb ports left to connect the managment dedicated external port for the swiches. I simply wish to utilize the bridged mgmt1 interface through the Advanced Managment Module of the IBM Chassis.

I can SSH into the Nexus 4001i, I simply wish to TFTP download the upgraded version of the NXOS, but within the NXOS it can not use the vrf to route out through mgmt1 to the other servers. All managment traffic rides over managment VLAN 11 which is the same VLAN as the IBM Blade Managment Module.

Current Configuration

interface mgmt0

shutdown force

description external mgmt interface

interface mgmt1

description internal AMM bridged Interface

vrf context management

ip route 0.0.0.0/0 172.20.11.1

TFTP Server 172.20.3.2 (and I just used it to upgrade the 5010 CISCO Switches so I know it works

Ping with out VRF specfication

sw14# ping 172.20.3.2

PING 172.20.3.2 (172.20.3.2): 56 data bytes

ping: sendto 172.20.3.2 64 chars, No route to host

Specifiy the vrf of the interface to be the IP segment bound to mgmt1

Ping with VRF specification

sw14# ping 172.20.3.2 vrf management

PING 172.20.3.2 (172.20.3.2): 56 data bytes

ping: sendto 172.20.3.2 64 chars, No route to host

Request 0 timed out

ping: sendto 172.20.3.2 64 chars, No route to host

Question: Can I set the default vrf to be mgmt1 or specify mgmt1 to be on vrf "managment" and would that solve this?

krunal_shah · ‎12-09-2011

What I meant is Nexus 4000 has 3 VRFs.

Default – Typically used for “in-band” management (not via mgmt0 or mgmt1 but a layer 3 vlan interface)

• Management – Used for “out-of-band” management by interface mgmt0. This is the typical mgmt port and VRF you would find on the nexus 7000.

• Chassis-management – Used for “out-of-band” management by interface mgmt1 (via AMM web GUI or pass through)

10.5.10.15 is my TFTP server which is reachable via mgmt1 port.

switch# ping 10.5.10.15 vrf chassis-management

PING 10.5.10.15 (10.5.10.15): 56 data bytes

64 bytes from 10.5.10.15: icmp_seq=0 ttl=125 time=13.422 ms

64 bytes from 10.5.10.15: icmp_seq=1 ttl=125 time=4.051 ms

64 bytes from 10.5.10.15: icmp_seq=2 ttl=125 time=22.729 ms

64 bytes from 10.5.10.15: icmp_seq=3 ttl=125 time=23.099 ms

64 bytes from 10.5.10.15: icmp_seq=4 ttl=125 time=23.077 ms

--- 10.5.10.15 ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss

round-trip min/avg/max = 4.051/17.275/23.099 ms

switch# copy tftp://10.5.10.15/n4000-bk9-kickstart.4.1.2.E1.1g.bin bootflash: vrf chassis-management

Trying to connect to tftp server......

Connection to Server Established.

[ ] 0.50KB

[# ] 4.50KB

[## ]

View solution in original post

krunal_shah · ‎12-09-2011

Try using chassis-management vrf which is used for “out-of-band” management by interface mgmt1 (via AMM web GUI or pass through).

ArrowSIVAC · ‎12-09-2011

Sure.. that is my goal.

To be able to ssh into the switch and download the latest code version, or upload the version of configuation to a repository server.

sw14# sh run

version 4.1(2)E1(1d)

ip host sw14 172.20.11.88

switchname sw14

vrf context management

ip route 0.0.0.0/0 172.20.11.1

sw14# ping 172.20.3.1

PING 172.20.3.1 (172.20.3.1): 56 data bytes

ping: sendto 172.20.3.1 64 chars, No route to host

The GUI does not work either

krunal_shah · ‎12-09-2011

What I meant is Nexus 4000 has 3 VRFs.

Default – Typically used for “in-band” management (not via mgmt0 or mgmt1 but a layer 3 vlan interface)

• Management – Used for “out-of-band” management by interface mgmt0. This is the typical mgmt port and VRF you would find on the nexus 7000.

• Chassis-management – Used for “out-of-band” management by interface mgmt1 (via AMM web GUI or pass through)

10.5.10.15 is my TFTP server which is reachable via mgmt1 port.

switch# ping 10.5.10.15 vrf chassis-management

PING 10.5.10.15 (10.5.10.15): 56 data bytes

64 bytes from 10.5.10.15: icmp_seq=0 ttl=125 time=13.422 ms

64 bytes from 10.5.10.15: icmp_seq=1 ttl=125 time=4.051 ms

64 bytes from 10.5.10.15: icmp_seq=2 ttl=125 time=22.729 ms

64 bytes from 10.5.10.15: icmp_seq=3 ttl=125 time=23.099 ms

64 bytes from 10.5.10.15: icmp_seq=4 ttl=125 time=23.077 ms

--- 10.5.10.15 ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss

round-trip min/avg/max = 4.051/17.275/23.099 ms

switch# copy tftp://10.5.10.15/n4000-bk9-kickstart.4.1.2.E1.1g.bin bootflash: vrf chassis-management

Trying to connect to tftp server......

Connection to Server Established.

[ ] 0.50KB

[# ] 4.50KB

[## ]

ArrowSIVAC · ‎12-10-2011

Thanks for the details. I reviewed the configuration and manual but did not see any referance to "vrf chassis-management"

The only mention at all of their being a vrf called "chassis-management" is in the context of protected mode to disable the path through the AMM for managment. (Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration Guide Release 4.1(2)E1(1) Page 32-2).

This does not appear in the examples redbook, deployment guide, or n5k_fcoe_ops Configuation Example.

Seems that would be something noted and reviewed as part of the documentation.

Seems to me that if a vrf exists it should show up somewhere in the "show run" and "show interface brief" commands.

Thanks for the help.

krunal_shah · ‎12-12-2011

I do not see usually mgmt1 port being used. Most of the customers have their network team to manage nexus 4000 using mgmt0 port so they can telnet,ssh or do some other management stuff in management vrf.

chassis-management vrf is used with AMM so that server guys can have some control over the switch module. Doing software upgrades and other management should be from mgmt 0 port.

mgmt1 is internal port and it is assigned to vrf chassis-management and used by AMM and mgmt0 is external port assigned to vrf management.