cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
561
Views
5
Helpful
6
Replies

Nexus 5k managment

Andrew Bailey
Level 1
Level 1

I have an area of my network that idealy would like to be connected to the core soley by

two distribution nexus 5548s.  I have the peer keep alive configured on the default managment vrf. My question is how should I connect the managment interfaces on the nexus? While I understand the network pictured doesn't give me true out of band managment, because the 2948G switch uplinks go back to the nexus. Without connecting the 2948G straight back to the VSS core, is this the best way to do it?

Drawing1.jpg

1 Accepted Solution

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

You should uplink the 2900 directly to VSS using a routed port and not back to 5500.

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572830-00_Agg_Dsgn_Config_DG.pdf

HTH

View solution in original post

6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

You should uplink the 2900 directly to VSS using a routed port and not back to 5500.

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572830-00_Agg_Dsgn_Config_DG.pdf

HTH

Oleksandr Nesterov
Cisco Employee
Cisco Employee

Hello Andrew

True out-of-band will be possible if you will remove links from 2960 to non-management ports on n5k.

In that case traffic from management links willstay only within one swith and will not be mixed with your production traffic.

Also you can connect management link from your VSS to this 2960 switch and some monitoring, logging, config backup servers.

In case of issues with your production traffic, your devicess will be always reachable.

Otherwise any flood/storm will break the connection.

HTH,

Alex

Kevin Dorrell
Level 10
Level 10

Beware of this topology.  If your 2948G fails, then you will lose your VPC peer keepalive, which could be disastrous.  Does the 2848G have dual power supplies? I don't remember.  If it has a single power supply, then one day you will lose it.

Kevin Dorrell

Luxembourg

Andrew Bailey
Level 1
Level 1

Thank you for your responses...

Reza, ok I undstand that is the best way to do it, but if weren't going to have any other switche connections back to the core besides the N5k, would this be the "best" way to do it?

Oleksandr, I am not sure I am following you..

Kevin, no it doesn't have dual power supplies, I understand the risk of the peer keep alive failing if that switch fails. However, my understanding is that the peer keep alive is needed to form the peer link, not maintain it. So as long as I detect a future 2948 switch failure and repair it while the peer link is not interupted I should not have a problem. But if the peer link fails right after the 2948 fails, then yes I will have serious problems.

Andrew,

Your topology for your vpc keep alive is correct (connecting both 5ks to a 2900 using mgmt 0). If you are not going to connect the 2900 to another device (5ks or vss) than how are you planning to manage it?

Also, can you verify what devices are layer-2 and what devices are layer-3 in your topology?

HTH

Right now I have the 2948 connected to N5ks as shown in my diagram, so I can still manage it.  The core is layer 3 and the Nk5s are layer 3.

Review Cisco Networking for a $25 gift card