Cisco 3850 mgmt-vrf

isdollsm1 · ‎05-22-2015

I am moving from the 3750 series to the 3850 series and wanted to know if I need to use the mgmt-vrf port. From what I have read it is the out of band port and I use the vrf port on some of our Nexus switches so I am familiar but would you use that mgmt-vrf port over using Vlan1? May seem like a dumb question but if I am in a IDF closet with a stack of 4 switches that connect back to our core via fiber what would you plug that vrf port into? From the below doc seems like you need some type of other connection device? Thanks for the help

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/int_hw_components/configuration_guide/b_int_3se_3850_cg/b_int_3se_3850_cg_chapter_0100.html#concept_A3C1CD368FAC4C189BECDDD80BBB8087

Mark Malone · ‎05-22-2015

Yes thats a management port exactly what you said out of band management so its a separate physical network from your production network and would connect back to a separate oob management switch along with other devices that also have management ports , its a dedicated network for managing your devices ,ensures connectivity at all times to your devices and provides a security for management traffic segregating it from production traffic

isdollsm1 · ‎05-22-2015

Thanks Mark. Since the vrf port is ethernet I would have to have a way to get it to connect back to a central device or other switch? Would there be a down side on using Vlan1 if I cant use vrf? Thanks

Mark Malone · ‎05-22-2015

Hi If your going to set it as a full management port you would need to give it an ip address as it needs to be reachable remotley , i dont think you can set them as switchports to belong in vlans , you should be able to remove the vrf commands from the port though but i would need to test that, our oob setup everything(all management ports from each device) are in the same subnet as its all segregated anyway and allows for reachability to all devices easily but its physically separate from production all management ports linking back to redundant central control oob switches.

Supported Features on the Ethernet Management Port

The Ethernet management port supports these features:

Express Setup (only in switch stacks)
Network Assistant
Telnet with passwords
TFTP
Secure Shell (SSH)
DHCP-based autoconfiguration
SMNP (only the ENTITY-MIB and the IF-MIB)
IP ping
Interface features
- Speed—10 Mb/s, 100 Mb/s, 1000 Mb/s, and autonegotiation
- Duplex mode—Full, half, and autonegotiation
- Loopback detection
Cisco Discovery Protocol (CDP)
DHCP relay agent
IPv4 and IPv6 access control lists (ACLs)
Routing protocols

s per your doc

Reza Sharifi · ‎05-22-2015

If you use vlan1 than you just need to add that to your trunk (in-band). The mgmt port has to have an IP address and treated like a host and can't be added to any vlan . Also, you can't remove that port from the VRF. If you are planning to have an out-of-band management system than the mgmt port is designed for that. All you need is an IP address and a default route pointing to whatever switch you connect the mgmt port to.

HTH

bret · ‎10-06-2015

I imagine you got your mgmt. interface working, but figured I would put this out there for the other folks looking.

vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family

interface GigabitEthernet0/0
description OOB Management
vrf forwarding Mgmt-vrf
ip address 172.23.1.10 255.255.255.224
negotiation auto

ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 172.23.1.1 name Mgmt-DefaultRoute