Move mgmt IP off mgt port over to SVI

DAVID
Level 3

I have a simple question. I have a 3850 switch where the mgmt vlan/IP has always been assigned to the mgmt0/0 interface on the back of the switch. However our L2 wan topology has changed where I need to move the mgmt IP off the mgt port over to an SVI configured on the switch and here's the reason. Connected to a trunk port on the same switch is our L2 connection from Lumen to a remote DC that we have. Currently on the trunk port we have vlan 777 and we have traffic passing over this vlan with no issues. At the other end of this L2 circuit we have a cat 9300 switch with two vlans configured but the mgmt IP is configured as an SVI on the same mgmt vlan as the Cisco 3850 in the office. This mgt vlan is 172.16.28.0/24 with the GW for this vlan terminating on our Cisco 6807 switch at 172.16.28.1.

So the 3850 was discovered with the mgmt IP only on the gi0/0 with no default-gateway configured but at the other side of this L2 connection, the mgt IP is on the configured SVI with the default gateway of 172.16.28.1.

My question is: when I move the mgmt IP of the 3850 over to an SVI for the management IP and configure the ip default-gateway to 172.16.28.1, will the mgmt IP of the 9300 at the other end of the L2 connection then become accessible, and the current traffic on the existing 3850 be unaffected by the introduction of this SVI and the ip default-gateway?

Currently both the 3850 and 9300 switch are not running IP Routing but have existing trunk connections with remote data centers over Lumen's L2 connection.

Accepted Solutions

Hello

Changing the mgt address of any switch won't affect any LAN traffic to/from that switch, so you should be good. Just make sure the mgt vlan is allowed to traverse any trunks.


Kind Regards
Paul

balaji.bandi
Hall of Fame

As I understand it, the topology you are looking to deploy is below:

Cat 9300 SVI VLAN 700--(Ethernet) ------Trunk------(Ethernet) SVI VLAN 700-3850

Yes, this works, if only the Layer 2 default gateway is good enough. Since you are configuring management, I suggest performing this task on the console.

BB


Thanks. I just needed to have the confirmation. Sometimes we forget the basics because we spend so little time with them. Essentially, I will sit at my desk in one city and access the 9300 switch sitting in another city over the L2 trunk link with the mgmt vlan on an SVI traversing the trunk. I will console into the 3850 and move the mgmt IP off of the dedicated mgmt port over to a new SVI with the same IP and a newly created ip default-gateway for the mgmt ip address only. This should not affect the L2 trunks already on the switch to other remote data centers?

As long as the future link is not there, there are no loops.

As suggested, this requires console access to make the changes, since you rely on the existing management IP to make the change.

BB


Which brings me to my next question, regarding that future link. We have a management network that I need to have at each location for mgmt access to network equipment, TACACS, etc. However, I can't have the same mgmt network at all three places at the same time on a L2 topology. Which means I need to have a site specific mgmt network at each location, which means L3 on each switch at each location. Can you confirm I am in the right direction? Ex. Office: vlan 93/172.16.28.0/24 GW 172.16.28.1. Site 1: vlan 94/172.16.27.0/24 GW 172.16.27.1. Site 2: vlan 95/172.16.26.0/24 GW 172.16.26.1

I can't have the same mgmt network at all three places at the same time on a L2 topology.

The same VLAN can be used, unless you would like to have a different one (for me it does not need to be).

When you use VLAN 700 as management all over, due to spanning tree one of the links will be blocked, as expected, and that is not going to create any issue. Make sure you use Rapid Spanning Tree to converge faster.

Allow only the required VLANs on that trunk to eliminate other VLAN loops, rather than just a trunk port (which allows 1-4096 by default).

Can you confirm I am in the right direction? Ex. Office: vlan 93/172.16.28.0/24 GW 172.16.28.1. Site 1: vlan 94/172.16.27.0/24 GW 172.16.27.1. Site 2: vlan 95/172.16.26.0/24 GW 172.16.26.1

If you would like to go this way to address the Layer 2 issue, it can be done this way, but IP space is getting wasted (I know it is RFC 1918 address space). It's easy to remember VLAN 700 as MGMT, rather than all the VLAN numbers.

Hope this makes sense?

 

BB
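
A pre-change sanity check for the points raised in this thread (management VLAN allowed on every trunk, default gateway inside the SVI subnet, trunks pruned to an explicit VLAN list), added here as an example and not part of any post. The config text, interface names and host address 172.16.28.50 are constructed; VLAN 700 follows the reply's diagram and the addressing follows the question.

```python
import ipaddress
import re

# Constructed sample config, not from the thread; interface names and the .50 host are assumed.
SAMPLE_CONFIG = """\
no ip routing
interface GigabitEthernet0/0
 no ip address
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 switchport trunk allowed vlan 700,777
interface TenGigabitEthernet1/1/2
 switchport mode trunk
interface Vlan700
 ip address 172.16.28.50 255.255.255.0
ip default-gateway 172.16.28.1
"""

def expand_vlans(spec):
    """Turn '1-3,700' into {1, 2, 3, 700}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_mgmt_svi(config, mgmt_vlan):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    # Map each interface name to the indented lines of its stanza.
    stanzas = dict(re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M))
    svi = re.search(r"ip address (\S+) (\S+)", stanzas.get(f"Vlan{mgmt_vlan}", ""))
    gw = re.search(r"^ip default-gateway (\S+)", config, re.M)
    if not svi:
        findings.append(f"Vlan{mgmt_vlan}: no SVI address configured")
    elif not gw:
        findings.append("no ip default-gateway configured")
    else:
        net = ipaddress.ip_interface(f"{svi.group(1)}/{svi.group(2)}").network
        if ipaddress.ip_address(gw.group(1)) not in net:
            findings.append(f"default gateway {gw.group(1)} is outside {net}")
    for name, body in stanzas.items():
        if "switchport mode trunk" not in body:
            continue
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", body)
        if not allowed:
            findings.append(f"{name}: trunk carries all VLANs (no allowed list)")
        elif mgmt_vlan not in expand_vlans(allowed.group(1)):
            findings.append(f"{name}: VLAN {mgmt_vlan} not allowed on trunk")
    return findings
```

Run it against a saved copy of the running configuration before and after the change; a trunk with no allowed list is reported because it would carry the management VLAN to every neighbour.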
