Re: Vlan for Management Nexus/Catalyst switches

Jeffrey_233 · ‎05-15-2022

Hi All

So i have a pair of Nexus 3500's as my core's and before upgrading the firmware to the recommended stable version.
I had a vlan that i could ssh into and do configurations there. But this is no longer working. I did follow the upgrade guide and did run the setup to update the copp policies.
I can connect into one of the other Vlan IP to do this.

Did i miss something on my management vlan?

On each of my Catalyst switches i have the same vlan and unique IP's to each switch.
Some work and some don't but I can't figure out why some don't.
The 10GB ports are trunked and have the vlan included.

Coming for a Dell switch background that was all i needed to do.

Not sure what i missed?

balaji.bandi · ‎05-15-2022

First what NEXUS OS you were before, and what version did you upgrade to. The upgrade should not break your VLAN connection until any Bug was affected by the target version you upgraded to.

what is the VLAN of Management ? are you able to ping from your PC to that IP address?

If you have other modes of access, if you have taken the backup, I would advise comparing to config before the upgrade and after the upgrade.

show IP interface brief ( you should see VLAN interface up/up)

if the ManangementVLAN in a different VRF you need to check with VRF information.

I can connect into one of the other Vlan IP to do this.

Not sure we follow this, what VLAN is this, what you can able to do this please explain more so we can understand better to advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jeffrey_233 · ‎05-15-2022

I upgraded from nxos 9.2.4
Current version is nxos 9.3.8

So my interface mgmt0 is vrf member management.

interface mgmt0
 vrf member management
 ip address 10.10.60.2/24
line console
line vty
access-class dst-vty-access in
boot nxos bootflash:/nxos.9.3.8.bin
feature signature-verification

And my management Vlan also had management assigned to it.

interface Vlan60
  description mgt
  no shutdown
  management
  ip address 10.10.60.2/24
  ip dhcp relay address x.x.x.x
  vrrp 215
    address x
    no shutdown

This is what i have.

balaji.bandi · ‎05-15-2022

Both on the same device, So Looks like they are conflicting the IP address ?

are you able to ping 10.10.60.2 also VRRP IP address X ?

Under VLAN you mention Management :

management - Allow in-band management access to VLAN Interface IP address

If this is the VLAN you using for Management, shutdown mgmt0 ( and test it)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎05-16-2022

Hello

interface mgmt0
 vrf member management
 ip address 10.10.60.2/24

interface Vlan60
  description mgt
  no shutdown
  management
  ip address 10.10.60.2/24
  ip dhcp relay address x.x.x.x
  vrrp 215
    address x
    no shutdown

Your mgt interface is in a VRF and vlan 60 isnt, that's why you can have conflicting ip address and not able to reach via vlan 60

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎05-16-2022

managment interface is NSK is L3 and no need any HSRP VRRP. when you ping to one NSK you ping to that not ping to VIP of HSRP
so VLAN no need, why you config it?

ALSO you must config under
interface management
ip default route to Next-hop the managment is connect.

https://ciscodatacenter.files.wordpress.com/2009/12/vpc-configuration_guide_c07-543563.pdf