08-01-2024 01:45 AM
Hi, I want to implement an out-of-band management network on a group of 9K switches, 2 cores & 7 access switches, all with a dedicated mgmt port. I have a spare 3850 to which I can connect all the 9Ks, however I've no idea how to configure the ports. I know I need new IP addresses and a new VLAN. I was told to also use a VRF to keep the out-of-band network totally segregated from the rest of the production network. I need some assistance/advice on what the mgmt port config would be on the 9Ks and also on the other end of the link on the 3850 switch. Below is a network diagram of how the current network is set up.
Many thanks ...... Dparmar.
08-01-2024 02:35 AM
Nexus Configuration
=========================
interface mgmt0
  ip address 172.10.10.10/24
vrf context management
  ip route 0.0.0.0/0 172.10.10.1
show interface mgmt0
copy running-config startup-config
Connect mgmt0 port of Nexus to 3850 and configure access port in 3850
3850 Configuration
============================
vlan 10
  name OOB
interface GigabitEthernetX/X
  switchport access vlan 10
  switchport mode access
Core switch Configuration
============================
Configure SVI in Core switch
interface vlan 10
  ip address 172.10.10.1 255.255.255.0
08-14-2024 04:24 AM
08-01-2024 02:09 AM
On 3850 it will be usual access ports toward mgmt interfaces of Nexus.
How do you plan to gain access to this out-of-band network? Through the same core switches?
In such case, you can configure default gateway for the network on core and extend L2 to 3850. 3850 connect to core with VPC.
If you want separation (on VRF or even physically) please provide more details how you plan to do it or what outcome you expect.
08-01-2024 02:32 AM
08-01-2024 03:00 AM
> so I'm looking to get a DSL line into the data centre, the DSL router would then connect to the 3850.
In such case, you don't need any VRF/SVI configuration on core switches.
> So the default gateway on the 3850 would point to 10.200.99.1, would that be correct?
3850 will be L2 only and default gateway will be on Core switches.
> I don't know much about VRF, it was recommended, whether it is necessary or not I'm not sure. But if it is advisable to use a VRF, then I'd like to make use of it.
https://packetlife.net/blog/2009/apr/30/intro-vrf-lite/
> So, I would put each mgmt interface into that VRF, if that makes sense?
In NX-OS, mgmt0 is already put in the dedicated "management" interface.
08-01-2024 02:43 AM
Hi Shambhu, thanks for the reply, that configuration does make sense to me ; )
Just one question, is it just the one line required for the VRF, no other VRF config is required? I'm guessing the "context management" is just a name given to the VRF?
Many thanks...........Dinesh.
08-01-2024 02:54 AM
Yes, management is vrf name. This is the running configuration.
08-14-2024 04:40 AM
Using a VRF to separate the mgmt VLAN is a good idea, but I have some notes:
1- All SW use IPs in the same VLAN (same VRF): here you don't need a static route, and here you can only access all SW from a PC connected in the same VLAN.
2- I want to access the mgmt VLAN from another subnet:
Here the issue starts.
You need to configure one SW with a static route and then make leak vrf-global.
Otherwise you cannot access the mgmt VLAN from any other subnet.
MHM
08-14-2024 12:52 AM
Hi Shambhu,
I have another question please, if you don't mind. Under the Nexus config section, you have put in a static route, ip route 0.0.0.0/0 172.10.10.1. This is confusing me, why is this necessary? Will this static route not all other routing?
thanks ....Dinesh.
08-14-2024 04:24 AM
08-14-2024 05:28 AM
I've just checked under the vrf mgmt & yes you can add the static route, many thanks Shambhu !!!
Dinesh....
08-01-2024 02:41 AM
Hello @dparmar101
First, define a VLAN that will be used for the management network on your 3850 switch.
Assign IP addresses to the management interfaces of each switch within the management VLAN subnet.
Next, set up a VRF for the management network to ensure it's segregated from the production network and configure the management ports on the 9K switches to use the new management VLAN and VRF.
Finally, connect the MGMT ports of the 9K switches to the 3850 and configure the interfaces to be part of the management VLAN and VRF.
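An added example, not part of the thread or any poster's configuration: a Python check of the mgmt0 steps above, run against the NX-OS lines posted earlier in the thread (embedded as a constructed sample). The function names are hypothetical; it assumes NX-OS prefix notation and that mgmt0 sits in the `management` VRF, whose routing table is separate from the default VRF's.

```python
import ipaddress

# Constructed sample: the Nexus mgmt0 lines as posted in this thread.
SAMPLE_NXOS = """\
interface mgmt0
  ip address 172.10.10.10/24
vrf context management
  ip route 0.0.0.0/0 172.10.10.1
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_sections(config):
    """Group indented lines under their unindented parent line."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit_oob(config, vrf="management"):
    """Return findings for the mgmt0 address and the VRF default route."""
    sections = parse_sections(config)
    mgmt = sections.get("interface mgmt0", [])
    addr = next((l.split()[2] for l in mgmt if l.startswith("ip address ")), None)
    if addr is None:
        return ["mgmt0 has no IP address"]
    iface = ipaddress.ip_interface(addr)
    findings = []
    if not any(iface.ip in net for net in RFC1918):
        findings.append(f"{iface.ip} is outside RFC 1918 private space")
    routes = sections.get(f"vrf context {vrf}", [])
    hops = [l.split()[3] for l in routes if l.startswith("ip route 0.0.0.0/0 ")]
    if not hops:
        findings.append(f"no default route in vrf {vrf}: mgmt0 reachable only from its own subnet")
    for hop in hops:
        if ipaddress.ip_address(hop) not in iface.network:
            findings.append(f"next hop {hop} is not on-link in {iface.network}")
    # A top-level default route belongs to the default VRF, not to mgmt0's VRF.
    if any(s.startswith("ip route 0.0.0.0/0 ") for s in sections):
        findings.append(f"default route at global level is not used by vrf {vrf}")
    return findings
```

On the sample it reports only the address range: 172.10.10.0/24 lies outside 172.16.0.0/12, so it is publicly routable space rather than private addressing.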