12-18-2013 09:49 AM - edited 03-07-2019 05:09 PM
So I am trying to get the FastEthernet 1 interface on my two 4500-X switches configued with a management VLAN IP. I have configured them with an IP Address and have the switchport they are connected to set to an access switchport for the management VLAN.
I am not certain why I am not able to get the devices to connect to the rest of the network so that I can manage them via the IP on FA1. It is a very simple config.
dc4500x-2#show run int fa1
Interface FastEthernet 1
vrf forwarding mgmtvrf
IP Address x.x.x.x x.x.x.x
speed auto
duplex auto
This interface is connecting to a 6509E
AdminCore-6509E#show run int g1/48
interface GigabitEthernet1/48
description dc4500x-2
switchport
switchport access vlan 30
no ip address
end
What is it that I am missing? I can ping the 4500 from the 6509 but I cannot ping the 6509 from the 4500. Nor can I ping the 4500 from a laptop on the network.
Solved! Go to Solution.
12-18-2013 11:21 AM
12-18-2013 11:32 AM
You'd need to have a vrf that you're attaching your interface to.
Do a "show ip vrf" and see if it comes back with anything; if not, you'll need to create it.
ip vrf mgmtvrf
rd 1:1
route-target both 1:1
The 1:1 are identifiers to determine what routes to pull into and export out of the vrf. Then do everything that Jon mentions above.
HTH,
John
*** Please rate all useful posts ***
12-18-2013 09:54 AM
I don't have a config like this, but when you put an address on an interface, it takes that interface and puts it into an internal vlan and assigns it to the port. That vlan won't match to what you have configured. What you should do is create an svi for vlan 30 and then add that interface to your vrf.
int vlan 30
vrf forwarding mgmtvrf
ip address
no ip address on fa1, but add it to vlan 30.
HTH,
John
*** Please rate all useful posts ***
12-18-2013 10:04 AM
I do not see where you can add the fa1 interface to vlan 30. Nor can I set vrf forwarding on the vlan interface with this switch.
12-18-2013 10:54 AM
Kris
To ping the 6509 from the 4500 try -
ping vrf mgmtvrf x.x.x.x <--- where x.x.x.x is the 6509 IP
To be able to reach it from a remote network ie. your laptop add a default route to the vrf ie.
"ip route 0.0.0.0 0.0.0.0 y.y.y.y vrf mgmtvrf" <---- where y.y.y.y is presumably is the next hop IP of the subnet you used on the fa1 interface on the 4500.
Note - make sure you add the "vrf mgmtvrf" bit at the end of the ip route statement or it will add it to the global routing table and that could break everything.
To check the vrf routing table - "sh ip route vrf mgmtvrf"
Jon
12-18-2013 10:59 AM
I looked at adding that and the only options are as follows:
<1-255> Distance metric for this route
multicast multicast route
name Specify name of the next hop
permanent permanent route
tag Set tag for this route
track Install route depending on tracked item
What I have input is as follows:
ip route 0.0.0.0 0.0.0.0 x.x.0.1 vrf mgmtvrf
This errors out at the begining of "vrf...." So I looked at the options after inputting the next hop IP.
12-18-2013 11:21 AM
Kris
Sorry, can you try -
ip route vrf mgmtvrf 0.0.0.0 0.0.0.0
Jon
12-18-2013 11:27 AM
I can input that information but then get the following. I will say that this part is a bit out of what I am normally used to.
"vrf mgmtvrf does not exist. Create first."
So the assistance of others here is greatly appriciated. :-) I guess I may also need to further consult the senior Network guy (aka google / Cisco documentation).
12-18-2013 11:32 AM
You'd need to have a vrf that you're attaching your interface to.
Do a "show ip vrf" and see if it comes back with anything; if not, you'll need to create it.
ip vrf mgmtvrf
rd 1:1
route-target both 1:1
The 1:1 are identifiers to determine what routes to pull into and export out of the vrf. Then do everything that Jon mentions above.
HTH,
John
*** Please rate all useful posts ***
12-18-2013 11:43 AM
So two parts here and THANK YOU for the assistance.
interface FastEthernet1
vrf forwarding mgmtVrf
ip address x.x.0.102 255.255.255.0
speed auto
duplex auto
end
&
switch#(config)#do show ip vrf
Name Default RD Interfaces
Liin-vrf
mgmtVrf
&
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 x.x.0.1
With these options I am now able to ping the FA1 interface from laptop on a different VLAN.
Again thanks for the help.
12-18-2013 11:34 AM
Kris
The documentation is a bit cryptic to be honest (i have just checked it). I also did a quick search and found a post for 4500-X management port and they had added that route for the vrf. Basically your switch is saying to create the vrf with -
4500(config)# ip vrf mgmtvrf
but i wouldn't do that because i'm not sure what might break. The IPBase license does not support VRF-Lite which is basically what this is but i'm not sure how you are meant to get to the mgmt port otherwise unless Cisco meant you to only connect via a device in the same subnet.
The docs are cryptic ie. they show a mgmt device connected a number of hops away and then say that only the 4900s support routing protocols on the mgmt port. It's unclear whether they mean dynamic routing protocols or not.
I suspect you do need to create the vrf in the config as above but the docs are so vague i can't promise it wouldn't affect the switch.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide