Management IP on 4500X when VLAN gateway is an SVI

Marvin Rhoads · ‎12-06-2012

I'm trying to figure out how to (or if I can) setup the management interfaces (fa1) on a couple of new 4500X switches. My issue is that the 4500X's themselves are the gateway for my management VLAN (.1 HSRP virtual, .2 and .3 SVIs on the pair of switches).

I would like to assign addresses from the management VLAN to the router Fa1 management interfaces but the software configuration guide seems to note this is not supported (and indeed it doesn't seem to work).

Physically I have Fa1 from core-1 into a port on an adjacent switch. Fa1 from core-2 also goes into a port on that adjacent switch. Both are in my management VLAN, whose SVIs are on the cores themselves.

Marvin Rhoads · ‎12-08-2012

Bump.

Anyone?

I do have a default gateway setup on the mgmtVrf which is the forwarding VRF for Fa1.

Reza Sharifi · ‎12-08-2012

The fa1 is an out of band management port and is in a separate vrf. That means, the routing table for the vrf management is different than your global routing table. You are trying to connect the management vrf to the global routing table. This will not work. The SVI for the management interface (fa1) from the 4500 should be in another device and not itself. If not it defeats the purpose, and you may as well use an in band vlan for management without using the out of band one.

Out of band management interface in vrf is a new feature for most newer platforms like 4500x 5ks, 7ks, etc...

HTH

Marvin Rhoads · ‎12-08-2012

Thanks - Yes, I know about the separate VRF. On a Nexus 5K I can use the Management port and still point the mgmtVrf back to an SVI (or HSRP virtual) that lives on the Nexus global routing table. e.g., the following configuration works on NX-OS:

vrf context management

ip route 0.0.0.0/0 10.0.88.1

interface Vlan88

no shutdown

ip address 10.0.88.2/24

ip ospf passive-interface

hsrp 1

preempt

priority 120

ip 10.0.88.1

interface mgmt0

ip address 10.0.88.88/24

An equivalent configuration does not work on a 4500X running IOS-XE.

I was just wondering about architectural options for a site where the 4500X pair are the only routers at the site. I tried pointing one 4500X mgmtVrf default route to the interface IP of the SVI on 4500 #2 but that didn't work. Even if I fire up a separate VLAN / SVI on a downstream L3 switch, the traffic still needs to route back through those core 4500Xs to get off-site.

Reza Sharifi · ‎12-08-2012

Thanks for the info regarding the 5k series and the config example (+5).

I did not know you could point the interface from the vrf back to the global. But then again, if you are trying to use the out of and management this way, doesn't it make sense to just use a vlan and use in band management?

Marvin Rhoads · ‎12-08-2012

Yes - the in-band management SVI is what I am using.

I was hoping for some trick to allow me to use the dedicated management port. I know I'm still depending on the switch's global RIB to get my traffic in and out but I like the appeal of the separate physical interface - I'm old school that way.

Thanks for the input.