Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1149
Views
0
Helpful
19
Replies

Problems dedicating interface on router for management

Go to solution
Brett Tesdall
Level 1
Level 1

‎02-02-2015 06:56 AM - edited ‎03-07-2019 10:28 PM

Hi, all, I've run into a problem and I'm not sure what I'm doing wrong, so hopefully one of you experts can point me in the right direction.

I'm installing a new Cisco 2911 and wanting to configure G0/2 as a dedicated interface for management.  Our management vlan is 1001 and is in the range 10.200.1.xxx.  I've given the interface an IP of 10.200.1.250 and subnet mask 255.255.255.0.  For configuration purposes, I've configured G0/1 to get a DHCP address from our general PC vlan 6.  The IP ranges for vlan 6 are 10.6.6.1-10.6.7.254.  The interface has picked up IP 10.6.7.214 with subnet mask 255.255.254.0.  Doing a "show ip route" confirms the subnets are visible and also that it found 10.3.3.200 on vlan 3 which is the DHCP server.

Both G0/1 and G0/2 are plugged into a stack of 2 3750-X switches on 1/0/5 and 1/0/6.  Port 1/0/5 is configured as an access port on vlan 6 and port 1/0/6 is configured as an access port on vlan 1001.

 

When both G0/1 and G0/2 are online, I can ping both addresses from my desktop computer which is at IP 10.6.6.140 and can SSH in on either IP and work with the device.  As soon as I set G0/1 to "no ip address", I lose all connectivity from my desktop.  However, if I get into the 3750-X stack, I can ping 10.200.1.250.  Also, if I get into our core switch, an older 3550 which is trunked to the 3750-X stack, I can still ping 10.200.1.250 successfully.  It's almost as if the packets aren't "turning the corner" onto the PC vlan for some reason.  I've tried a few different things like changing the port on the 3750-X for G0/2 to a trunk port, and also created a subinterface on G0/2, called G0/2.1001 in case it was a VLAN issue, but neither of those had any effect, and actually made the situation worse.

 

At the same time as I have this problem, connected to the same 3750-X stack, I have a Cisco 2504 Wireless LAN controller.  Port 1 on this device is used for management.  I've given it an address in the 10.200.1.xxx range and set the interface for VLAN 1001.  The port it's connected to on the 3750-X is configured as a trunk port, with 1001 as its native VLAN.  This device works perfectly from my desktop, and I'm able to get into its web interface with no problems.

 

Can anyone tell me where I might be going wrong?  I can provide configs, if needed.

Labels:
0 Helpful
19 Replies 19

Go to solution
Brett Tesdall
Level 1
Level 1
In response to Jon Marshall

‎02-02-2015 02:35 PM

OK, so how could I adapt this to work with the vrf, if that would be the recommended way, or is it just as good to ditch the vrf and go with the new route?

After looking at that route, I think my problem may have been the next-hop I was using for the 10.6.6.xxx subnet.  I think I was pointing it at the wrong place.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Brett Tesdall

‎02-02-2015 02:55 PM

You can't really adapt this for the VRF because you are just using the global routing table ie. the one used by default.

If you wanted to use the VRF you would have to try configuring your aaa configuration into the VRF.

There is a Cisco document for it but like I say, unfortunately I haven't done it this way so I can't say for sure after all the messing around it would work.

Because you want to use the gi0/1 interface purely for management for me it makes more sense to have it in a VRF for this because it is never going to pass user traffic.

But that doesn't mean you can't use what you have now. It works and it means you can get on with the rest of the configuration.

Perhaps it is something to revisit later.

Like I say I have access to a lab but no AAA server although I may be able to configure some limited functionality on a router so when I get some spare time i'll have a look at it and if I can get it to work i'll post back.

Yes, the problem with the original route you tried was that the next hop was wrong.

Jon

0 Helpful

Go to solution
Brett Tesdall
Level 1
Level 1
In response to Jon Marshall

‎02-03-2015 07:47 AM

I went back to my original configuration and fixed my route to the 10.6.6.xxx subnet and everything is working great now.  Looks like my entire problem was just the wrong next-hop for that subnet.  Sorry for wasting bandwidth, but thanks for helping me find the issue and teaching me a little about vrf's.

 

Thanks!

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Brett Tesdall

‎02-02-2015 02:11 PM

One last thing.

You mentioned MPLS.

It depends on how you are advertising your routes but if you were using this router as a CE running BGP then be aware that if the gi0/0 interface goes down that route is entered into the routing table which might mean you are still advertising that route even if you don't want to.

It really depends on how you do your BGP advertisements, if you are doing them at all.

If you think it may be an issue just let me know.

Jon

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Brett Tesdall

‎02-02-2015 10:49 AM

Sorry I forgot one important part.

To place gi0/1 into the VRF you need to add this under the interface ie.

router(config)# int gi0/1
router(config-if)# ip vrf forwarding <name of VRF>

when you do the above it will remove the existing IP address from the interface.

Just type it back in.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card