Solved: Nexus 5548UP - Management Interface

Nicholas Sheridan · ‎04-22-2013

Guys,

How separate is the management interface on a Nexus 5548?

In context - what's the risk of having a layer 2 only Nx5K in a DMZ and running the managment ports down into an internal managment VLAN, to form peer-keepalive links and software upgrades.

Thanks

Nik

Reza Sharifi · ‎04-22-2013

No, you can't create loop with monument interface. It is in a separate vrf, out of band and also a host port. As you said, it is just a NIC.

HTH

View solution in original post

sean_evershed · ‎04-22-2013

What you describe is a supported Nexus deployment.

I'm not sure what you mean by separate, however the Management interface is assigned to its own Management VRF. This separates the management traffic from other VRFs and the global routing table. This in turn helps to improve security.

See below:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/initconfig.html#wp1110654

Don't forget to rate all helpful posts.

Nicholas Sheridan · ‎04-22-2013

Good to hear may thanks

I guess - is the mgmt0 interface participate in bridging traffic? As such could the mgmt 0 interface create a layer 2 loop? Or it is just a NIC (i.e. a non-switchport)?

Reza Sharifi · ‎04-22-2013

No, you can't create loop with monument interface. It is in a separate vrf, out of band and also a host port. As you said, it is just a NIC.

HTH

Nicholas Sheridan · ‎04-22-2013

Reza,

Nice one cheers, spot on.

Many thanks nik