I've got a bunch of 3750-X switches all running IP Base and acting as a routed access layer. They run OSPF in a totally stubby area with the distribution layer (Nexus 7K) as the ABR. We also have a physically separate management network into which the fa0 management interface of the 3750-X is connected. The management network itself runs OSPF and has multiple subnets and external access.
On the 3750-X, I'd ideally like to be able to run some sort of separate OSPF process for the management network or at the very least have a static default route for management traffic pointing out the fa0 interface, but clearly not have it interfere with the main default route for data traffic coming from the N7K ABR. Any ideas how I can do this? Normally I'd just create a management VRF, sling the fa0 interface into it and run a separate OSPF process in that VRF. The problem is you can't create VRFs in IP Base! Surely there must be a way to do this? Cisco don't really expect customers to upgrade to IP Services just to have a working OOB Management network, do they?!
Thanks very much in advance!
As you already know, if you want to have a separate routing table for your mgmt, the only way to do it is by using VRF Lite, and the only way you can have this function is by enabling IP Services.
The Nexus series by default comes with mgmt being in a separate VRF, which is nice.
Sigh, I fear you may be correct. My only option is to either ditch the OOB Management network and do it in-band, or try to find the budget to upgrade to IP Services.
If any Cisco bods are watching, consider this a feature request: in IP Base, could we have the ability to create a single VRF just for management purposes into which it was possible to put only the fa0 management interface?
I also agree that the OOB Ethernet port should have its own network information so that it does not confuse the switch routing table or other information with the OOB network.
Best case, it would have its own hardware and software. I was so disappointed when I realised that the OOB in the 3750x was just basically an overglorified switchport with limitations.
In some places we use Serial/ethernet converters to be able to do proper OOB. They work nice.
One nice model is the Lantronix EDS series. A lot cheaper than upgrading to services, and you can have OOB.
This is one of those things that I was truly disappointed with when it comes to the 3750x, a switch I truly like a lot in most other aspects. Maybe they will get it right in the next switch version.
I feel that disappointment too, Hobbe. As Reza mentioned, it works really well on the Nexus platform and also on the ASRs, and if you have IP Services, which we do on some of our 3750-Xs, it also works there too. Indeed it would work on the 3750-X if you were running LAN Base, but in the half-way house of IP Base you're stuffed!
We do actually have Lantronix SecureLinx console servers as well, so we can get on the console port remotely in an emergency, which works well, but that's no good for SNMP, syslog, TFTP etc., which is what we want the OOB for (as well as SSH access).
It's little things like this that frustrate me with Cisco - great products in the main, don't get me wrong, but one just comes across little annoyances like this that make life unnecessarily difficult. And don't even get me started on the lack of LACP on the ISR G2s!