C4500-X - How to configure/use management ports (Fa1) and services through those ports (DNS, NTP)

Flavio Boniforti · ‎05-03-2015

Hi there.

I could install my very first 4500-X VSS stack (2 members) and I connected the Fa1 of both switches to the network. On that Fa1 I do have the management IP. It's configured like this:

interface FastEthernet1
description management
vrf forwarding mgmtVrf
ip address 172.30.1.11 255.255.255.0
speed auto
duplex auto
end

Now, as the mgmt-VLAN ID on that network is VLAN ID 30, I simply connected both Fa1 ports to 2 ports which are untagged in VLAN 30. So far so good, I am able to reach the switch from wherever I need to. What I now am missing, is that this VSS stack is not able to do DNS lookups and no NTP is working as well. Here the relevant config parts:

ip domain-lookup source-interface FastEthernet1
ip domain-name hegu.ch
ip domain-name vrf mgmtVrf mydomain.com
ip name-server 172.16.100.110
ip name-server 172.16.100.111
ip name-server vrf mgmtVrf 172.16.100.110
ip name-server vrf mgmtVrf 172.16.100.111

[...]

ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 172.30.1.1
[...]

ntp source FastEthernet1
ntp server 172.16.100.110 prefer
ntp server 172.16.100.111

[...]

If I do ping some public IP, via the mgmtVrf VRF, I am successfull.

Could anybody share, what the best practice would be here? Or where did I go wrong?

Thanks and regards,

Flavio.

Reza Sharifi · ‎05-03-2015

Hi,

Assuming you are using the out-of- band mgmt switch for time or using it to get to the time server.

Can you add the NTP commands to the mgmt vrf and test again?

ntp server vrf mgmtVrf 172.16.100.110

HTH

Peter Koltl · ‎03-15-2016

https://ltlnetworker.wordpress.com/2015/08/16/management-network-topology-and-asymmetric-routing/