Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2177
Views
0
Helpful
6
Replies

On Management port and VRF-Mmgt

MetCW_2020
Level 1
Level 1

‎09-28-2021 02:45 AM

Hi

Some queries

on the newer switch eg C9300 the management port are peg to vrf, so the routing table separates.

 

for the old model like 2960X the management port isnt peg to VRF so they are sharing the same route table since there is no vrf

 

So if were to configure OOB using the management port for above 2 scenario, C9300, is using vrf so OOB routing is separate from data routing.

 

What about the 2960x? assuming there are 3 vlan on it and i want to do a OOB using the mgmt port.

OOB mgmt port IP-192.168.0.1/24, and then i just use command ip default-gateway 192.168.0.2 ?

 

Thank you for reading/assisting

Labels:
0 Helpful
6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

‎09-28-2021 07:01 AM

Hi,

for the old model like 2960X the management port isnt peg to VRF

Are sure about that. I thought the mgmt port is in a VRF. Can you post "sh run" from one of the 2960X switches?

HTH

0 Helpful

MetCW_2020
Level 1
Level 1
In response to Reza Sharifi

‎09-28-2021 07:39 PM

Nope there isn't, I have a 9300 where there is a vrf configured in but not for the 2960X



So why the difference in the management port for this 2960 without vrf while the new model management port are in the vrf?

I thought management port default will not intervene with the routing so I wonder why the newer need to be in vrf


0 Helpful

marce1000
VIP
VIP
In response to MetCW_2020

‎09-28-2021 11:17 PM

 

         >....I wonder why the newer need to be in vrf

 Because it is more secure.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to MetCW_2020

‎09-29-2021 06:50 AM

On the newer switch platforms, Cisco is separating the data plane (main routing table) from the management plane. This way, the routing tables are completely different and if there is a data plane issue with the device, you can still log on to the management port.

It also gives you the capability to have 2 default gateways, one for the out-of-band management interface (in a VRF) and one for the global routing table.

HTH 

0 Helpful

MetCW_2020
Level 1
Level 1
In response to Reza Sharifi

‎10-02-2021 12:02 AM

Thanks



So for the 2960X seems like the management interface shares the same routing table as any SVI configured.

Reason for asking because I have a "DMZ" switch and currently managed via SVI. So moving to management port for OOB management seems to do no justice since it's the same global routing table instead of a vrf


0 Helpful

marce1000
VIP
VIP
In response to MetCW_2020

‎10-02-2021 02:25 AM

 

- That's the reason that for a DMZ-switch, you could use a modern device that offers a separate VRF for the management port, that way it can be managed through an Intranet-switch-management-vlan as I do it , with less  concerns for 'bad sleep'  (smiley noted).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card