Solved: Use of Management Ethernet port on ASR9000

aacole · ‎06-07-2013

Are there any restrictions on the use of the management ethernet port in the asr9000?

I configured an ip address on the port, made it a member of the management vrf, but was unable to acces any of the remote routers in the same vrf via ssh. Is there anything else I need to enable to make this work?

if I console into a router I can ssh to any other router via the management vrf.

On the remote routers I could see the subnet that was applied to the management interface in the correct vrf.

Reading the manual today i see there is a command:

rp mgmtethernet forwarding

I didnt try this when on site, is this what I am missing?

Andy

xthuijs · ‎06-10-2013

Correct the mgmt interface doesn't participate in forwarding. it is local terminaton only.

google the supportforum doc on local packet transport services that has a write up on that also.

And indeed, the rp mgmt forwarding knob basically provides routing through the mgmt port, but that is not

something I would recommend using other then for lab testing. the mgmt ports are not hw accelerated.

thanks

xander

View solution in original post

aacole · ‎06-10-2013

From the management ethernet port I can access the local router, but cannot SSH to any remote router using addresses in the same vrf. However I can ssh to any router in the management vrf from the console port.

Here is the port config:

interface MgmtEth0/RSP0/CPU0/1

vrf MANAGEMENT

ipv4 address 10.1.1.104 255.255.255.0

This is part of the MANAGEMENT vrf route output on a remote box.

B 10.1.1.0/24 [200/0] via x.x.x.x (nexthop in vrf default), 00:06:33

S 10.222.26.0/26 [1/0] via 10.250.255.251, 3w3d, GigabitEthernet0/1/1/0

A remote router can ping 10.1.1.104, but not the PC conncted to the ethernet port, and yes, the PC firewall is off.

xthuijs · ‎06-10-2013