Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3361
Views
0
Helpful
7
Replies

Nexus inband management with SVI

acontes
Level 1
Level 1

‎04-17-2013 12:40 AM - edited ‎03-07-2019 12:51 PM

Hello,

i have:

two nexus 5596 connected each other

the mgmt0 is NOT in use

SVI for keepalives with IP address and /30 netmask

vpc-keepalives running over fiber in e1/1. this works well

uplinks to datacenter distribution switch (Cat 6500 VSS) over fiber on port-channel 1 (e1/2 and e1/10), also carrying the management VLAN (vlan 14).

SVI with an IP address for management purposes

I can't get this to work. i can ping my whole network from the nexus, but not the nexus from my network. also pinging inside the mgmt vlan is not possible.

any ideas on that?

show vpc looks nice, show interface trunk looks nice,

Labels:
0 Helpful
7 Replies 7

Steve Fuller
Level 9
Level 9

‎04-17-2013 01:36 AM

Hi,

Are you using the VRF in any way on this switch? Can you post a show run and show ip route output?

Regards

0 Helpful

acontes
Level 1
Level 1
In response to Steve Fuller

‎04-17-2013 04:12 AM

I do not use the management VRF in any other way.

Here is the relevant part of the sh running:

!

vrf context management

spanning-tree loopguard default

udld aggressive

port-channel load-balance ethernet source-dest-port

vpc domain 5

  role priority 1000

  system-priority 4000

  peer-keepalive destination 10.233.40.14 source 10.233.40.13 vrf default precedence 7

  peer-config-check-bypass

  auto-recovery

!

interface Vlan1

!

interface Vlan14

  no shutdown

  ip address 10.232.10.62/24

!

interface Vlan26

  no shutdown

  ip address 10.233.40.13/30

!

interface port-channel1

  description Uplink to VSS

  switchport mode trunk

  switchport trunk native vlan 236

  switchport trunk allowed vlan 14,236

  spanning-tree port type network

  speed 10000

  storm-control broadcast level 2.00

  storm-control multicast level 2.00

  vpc 1

!

interface port-channel2

  description vpc-peer-link

  switchport mode trunk

  switchport trunk allowed vlan 1,14,236

  spanning-tree port type network

  speed 10000

  vpc peer-link

!

ip route 0.0.0.0/0 10.232.10.200

!

And the routing table:

sh ip route vrf all

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

0.0.0.0/0, ubest/mbest: 1/0, pending

    *via 10.232.10.200, Vlan14, [1/0], 00:00:55, static

10.232.10.0/24, ubest/mbest: 1/0, attached, pending

    *via 10.232.10.62, Vlan14, [0/0], 00:00:55, direct

10.232.10.62/32, ubest/mbest: 1/0, attached, pending

    *via 10.232.10.62, Vlan14, [0/0], 00:00:55, local

10.233.40.12/30, ubest/mbest: 1/0, attached, pending

    *via 10.233.40.13, Vlan26, [0/0], 00:00:55, direct

10.233.40.13/32, ubest/mbest: 1/0, attached, pending

    *via 10.233.40.13, Vlan26, [0/0], 00:00:55, local

IP Route Table for VRF "management"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

0 Helpful

svibeesh85
Level 1
Level 1

‎04-17-2013 05:07 AM

Mate check the ip addressing for te mgmt vlan.  Along with the mask.  Unable to ping within the mgmt vlan needs to be checked out. Chek if the uplink is allowin the mgmt vlan

0 Helpful

Steve Fuller
Level 9
Level 9

‎04-17-2013 02:46 PM

Hi,

It's late, but do your VLANs match?

It seems you have VLAN 14 and 26, but your port-channel is configured for VLANs 14 and 236. Is that a fat finger adding a 3 or a tied eye reading it incorrectly?

Regards

Sent from Cisco Technical Support Android App

0 Helpful

acontes
Level 1
Level 1
In response to Steve Fuller

‎04-18-2013 12:24 AM

Yes, thats correct. Vlan 14 is management ip address and vlan 26 is for the keepalive link.

in the meantime i reconfigured the switches the recommended way (keepalive over mgmt0) and the problem persists. after a reboot, everything works as expected...

now i will reconfigure the switches with my prefered config again. let's see what will happen....

0 Helpful

Steve Fuller
Level 9
Level 9
In response to acontes

‎04-18-2013 01:17 AM

Hi,

My point is that you do not allow VLAN 26 on the port-channel. The only VLANs allowed are 14 and 236 (two hundred and thirty six).

Regards

Sent from Cisco Technical Support iPhone App

0 Helpful

acontes
Level 1
Level 1
In response to Steve Fuller

‎04-18-2013 01:35 AM

Ah ok. i forgot to tell you this part of my config:

!

interface Ethernet1/1

  description vPC Keepalive

  switchport access vlan 26

  speed 1000

  storm-control broadcast level 2.00

  storm-control multicast level 2.00

!

:-)

Do not allow the keepalive vlan on the VPC Link. this will break the communication and when the vpc link went down, you will have a split brain scenario! To avoid this, you can configure an extra vrf for the keepalive. see my final config.

My final config now is a separate VRF for the keepalive. this makes some things easer.

vrf context VPC-KEEPALIVE

peer-keepalive destination 10.233.40.14 source 10.233.40.13 vrf VPC-KEEPALIVE precedence 7

!

interface Vlan14

  no shutdown

  management

  ip address 10.232.10.62/24

!

interface Vlan26

  no shutdown

  vrf member VPC-KEEPALIVE 

  ip address 10.233.40.13/30 

!

What we have now is: Keepalive over fiber (e1/1 nexus 5k-1 to e1/1 nexus 5k-2) and an inband management over a trunked vlan.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card