02-22-2016 12:34 AM - edited 03-08-2019 04:40 AM
It says in the Nexus 3000 Layer 2 Switching Config Guide that the "management" keyword under a SVI's config "configures the SVI to be used for in-band management". What exactly does that mean? Or, in other words, what can't you do if you don't config "management"? I have a couple of N3064s configured with the default "no management" and I can use the SVI just fine to Telnet / SSH to the device or copy files to it by (T)FTP...
02-22-2016 01:20 AM
Hi, in-band mgmt. is when you're not using the dedicated mgmt. port that comes with your device for mgmt. traffic; rather, you will use an inline interface like an SVI. If you're segregating your mgmt. traffic for true OOB traffic from your prod traffic, you should use your mgmt. port itself, as an inline mgmt. port will be of no use when, say, the network goes into a storm.
Usually you would set the mgmt. port in a VRF and set all mgmt. traffic like ssh/ntp/syslog etc. to be a source of that port, and then your mgmt. port would connect to a dedicated mgmt. switch for out-of-band access during issues. That's real out of band, as it's completely segregated from prod traffic.
02-22-2016 01:48 AM
I know what in-band management is - my question is: what's the difference between configuring a SVI with "management" and configuring it with "no management"? I'm using SVIs (in the default vrf) to manage my two N3064s and they both have:
# sh run int vlan424 all | i management
no management
02-22-2016 02:02 AM
Yes, so when you apply management it becomes a usable in-band mgmt port; if it's not there, it will not use the SVI as one for mgmt. traffic
02-22-2016 02:06 AM
http://tekcert.com/blog/2015/03/05/how-setup-inband-management-interface-cisco-nexus-switch
02-22-2016 02:14 AM
"it will not use the SVI as one for mgmt. traffic" - then, what is "management traffic"? As I said in the first post, I can Telnet / SSH to the device just fine, copy files to it, anything I've needed so far... all these with the only SVI configured as "no management".
02-22-2016 02:18 AM
If you remove it from that interface it just won't use that as the source of mgmt. traffic it will use another interface, a loopback maybe, or another interface with mgmt. set, etc.
What have you set your mgmt. traffic to be a source of?
If nothing, the device will decide for itself where it takes it from.
EDIT: you're talking about coming inbound when you say you can still ssh etc.; this is outbound, how the switch sends traffic out for specific protocols.
04-12-2018 03:05 AM - edited 04-12-2018 03:09 AM
"it just won't use that as the source of mgmt. traffic it will use another interface"
Checked it - this is not correct, or I understood it in the wrong way.
As a test, I typed "no management" on all of the SVIs on a Nexus 3172 and could still make successful outbound ssh/telnet connections from the Nexus to other devices in the network.
So for me it's still not clear what this command does.
The Cisco config guide says:
interface-vlan vlan-id management
Creates a VLAN interface (SVI) and configures the SVI to be used for in-band management.
But as mentioned above, with "no management" on the interface, its IP address can still be used for connections on the device.
06-22-2016 03:40 PM
I'm trying to understand this command on the Nexus as well. On Brocade switches they use a similar command which restricts the management plane to that vlan interface. If you don't use the management command then any vlan interface can be used for the management plane. e.g. telnet, ssh, snmp, tacacs, etc.
I'm assuming the Nexus behaves the same way, but I have yet to find Cisco documentation stating that. My coworker is setting this up in the lab to test too, so I should have an answer in a week or so.