ExtremeSwitching (VSP)

  • 1.  Access to mgmt VLAN in FE environment

    Posted 7 days ago
    Hi everybody,

    I have a setup with 4 VSP into a SPBm Fabric as this:


    Segmented mgmt interface is configured for each one via in band VLAN propagated as a standard L2VSN.

    mgmt vlan X
    ip address 10.0.0.Y/24
    enable​

    I can ping/ssh:
    • A to C and B
    • B to A and D
    • C to A and D
    • D to B and C
    • H (its a PC via an access port tagged into mgmt VLAN) to C
    but all other pings/ssh accesses fail.

    I have two questions:
    • is it normal ? I've tried to replace each FE adjacencies by FC and all works fine (I suspect that enabling FE VXLAN "transforms" the VSP to L3 switches)
    • configuring for each VSP the same IP address as mgmt VLAN directly into in band VLAN:
    int vlan X
    ip addresse 10.0.0.Y/24
    exit​

             allows ping/ssh between all devices and PC H but not from an another subnet which could be configured via routing:

    mgmt vlan
    ip route 0.0.0.0 0.0.0.0 next_hop 10.0.0.254
    exit

    or

    ip route 0.0.0.0 0.0.0.0 10.0.0.254


    Thanks for your help.

    Rodjeur



  • 2.  RE: Access to mgmt VLAN in FE environment

    Posted 6 days ago
    Hello Rodjeur, 

    Can you share your FE configuration ? 
    Did you try to config a mgmt CLIP interface ? if yes, is it working with FE config ?

    I'm not sure about L2 vlan mgmt with FE VXLAN. 
    But i can confirm that you can't reach the vlan mgmt interface if your stream is routed localy.
    if you reach the target device from same vlan, it works.
    Host - - (vlan 10) - - Router - - - (vlan mgmt) - - - VSP : OK
    if your reach the target node from another vlan and it need to be routed on the target node to reach the mgmt vlan, it's not possible. 
    Host - - (vlan 10) - - - VSP (vlan mgmt) : NOK
    In routed mode, you need to use a CLIP mgmt interface, which is bounded on the routing table (GRT) and redistributed with IPshortcut is configured. 
    Host - - (vlan 10) - - VSP (CLIP mgmt) : OK

    Regards, 

    Théo


  • 3.  RE: Access to mgmt VLAN in FE environment

    Posted 6 days ago
    Hi Theo, and thank you for your help.

    Yes, here is my FE configuration for one VSP (identical for the others, just IP addresses are different):

    ip vrf FE vrfid 511
    router bfd enable
    
    int gi 1/48
    encapsulation dot1q
    vrf FE
    brouter port 1/48 vlan 500 subnet 192.168.1.1/24
    ip bfd enable
    exit
    
    int loopback 1
    ip address 192.168.2.1/255.255.255.255
    exit
    
    router isis
    ip-source-address 192.168.2.1
    ip-tunnel-source-address 192.168.1.1 vrf FE
    exit
    
    logical-intf isis 1 dest-ip 192.168.1.2 name "INTERCONNECTION_FE"
    isis
    isis spbm 1
    isis enable
    bfd enable
    exit


    I don't have tried with CLIP address because my Fabric setup is for now connected to a legacy network and the wish is to use same subnet for the VSPs than for conventional switches. But maybe you have a great idea for a such setup...

    Rodjeur




  • 4.  RE: Access to mgmt VLAN in FE environment

    Posted 4 days ago
    Rodjeur,
    Are you redistributing your mgmt vlan in the isis routes?
    Mig


  • 5.  RE: Access to mgmt VLAN in FE environment

    Posted 3 days ago
    Edited by rodjeur70 3 days ago
    Hi Miguel,

    Not at all. How can I do that ?

    Rodjeur


  • 6.  RE: Access to mgmt VLAN in FE environment

    Posted 2 days ago
    This should do the trick,

    router isis
    redistribute direct
    redistribute direct enable
    exit
    isis apply redistribute direct

    Mig