09-28-2021 02:45 AM
Hi
Some queries
On the newer switches, e.g. the C9300, the management port is pegged to a VRF, so the routing table is separate.
For the old models like the 2960X, the management port isn't pegged to a VRF, so they are sharing the same route table since there is no VRF.
So if I were to configure OOB using the management port for the above 2 scenarios: the C9300 is using a VRF, so OOB routing is separate from data routing.
What about the 2960X? Assuming there are 3 VLANs on it and I want to do OOB using the mgmt port.
OOB mgmt port IP 192.168.0.1/24, and then I just use the command ip default-gateway 192.168.0.2?
Thank you for reading/assisting
09-28-2021 07:01 AM
Hi,
> for the old model like 2960X the management port isnt peg to VRF
Are you sure about that? I thought the mgmt port is in a VRF. Can you post "sh run" from one of the 2960X switches?
HTH
09-28-2021 07:39 PM
09-28-2021 11:17 PM
>....I wonder why the newer need to be in vrf
Because it is more secure.
M.
09-29-2021 06:50 AM
On the newer switch platforms, Cisco is separating the data plane (main routing table) from the management plane. This way, the routing tables are completely different and if there is a data plane issue with the device, you can still log on to the management port.
It also gives you the capability to have 2 default gateways, one for the out-of-band management interface (in a VRF) and one for the global routing table.
HTH
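An added example, not part of any post in this thread: a small config audit that checks the distinction described above, namely whether the management port sits in its own VRF with its own default route or shares the global table. The two sample configs are constructed; the interface names, the 10.0.0.254 gateway and the function name `audit_mgmt_port` are assumptions for illustration.

```python
import re

# Constructed sample configs (not taken from the thread).
C9300_STYLE = """\
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.0.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 192.168.0.2
"""
LEGACY_STYLE = """\
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
!
ip default-gateway 192.168.0.2
"""

def audit_mgmt_port(config, mgmt_if):
    """Report whether mgmt_if has its own VRF and its own default route."""
    vrf, in_block = None, False
    for line in config.splitlines():
        if not line.startswith(" "):
            # Top-level line: track whether we just entered the mgmt interface.
            in_block = line.strip() == f"interface {mgmt_if}"
            continue
        m = re.match(r"\s+(?:ip )?vrf forwarding (\S+)", line)
        if in_block and m:
            vrf = m.group(1)
    # Collect default routes per routing table ("global" when no VRF is named).
    defaults = {}
    pattern = r"^ip route(?: vrf (\S+))? 0\.0\.0\.0 0\.0\.0\.0 (\S+)"
    for m in re.finditer(pattern, config, re.M):
        defaults[m.group(1) or "global"] = m.group(2)
    m = re.search(r"^ip default-gateway (\S+)", config, re.M)
    if m:
        defaults.setdefault("global", m.group(1))
    return {
        "mgmt_vrf": vrf,
        "mgmt_gateway": defaults.get(vrf) if vrf else None,
        "global_gateway": defaults.get("global"),
        # Isolated only if the port is in a VRF that has its own default route.
        "isolated": vrf is not None and vrf in defaults,
    }

if __name__ == "__main__":
    print(audit_mgmt_port(C9300_STYLE, "GigabitEthernet0/0"))
    print(audit_mgmt_port(LEGACY_STYLE, "FastEthernet0"))
```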
10-02-2021 12:02 AM
10-02-2021 02:25 AM
- That's the reason that for a DMZ-switch, you could use a modern device that offers a separate VRF for the management port; that way it can be managed through an Intranet-switch-management-vlan as I do it, with fewer concerns for 'bad sleep' (smiley noted).
M.