ExtremeSwitching (VSP)

  • 1.  Access to mgmt VLAN in FE environment

    Posted 7 days ago
    Hi everybody,

    I have a setup with 4 VSP into a SPBm Fabric as this:

    Segmented mgmt interface is configured for each one via in band VLAN propagated as a standard L2VSN.

    mgmt vlan X
    ip address 10.0.0.Y/24

    I can ping/ssh:
    • A to C and B
    • B to A and D
    • C to A and D
    • D to B and C
    • H (its a PC via an access port tagged into mgmt VLAN) to C
    but all other pings/ssh accesses fail.

    I have two questions:
    • is it normal ? I've tried to replace each FE adjacencies by FC and all works fine (I suspect that enabling FE VXLAN "transforms" the VSP to L3 switches)
    • configuring for each VSP the same IP address as mgmt VLAN directly into in band VLAN:
    int vlan X
    ip addresse 10.0.0.Y/24

             allows ping/ssh between all devices and PC H but not from an another subnet which could be configured via routing:

    mgmt vlan
    ip route next_hop


    ip route

    Thanks for your help.


  • 2.  RE: Access to mgmt VLAN in FE environment

    Posted 6 days ago
    Hello Rodjeur, 

    Can you share your FE configuration ? 
    Did you try to config a mgmt CLIP interface ? if yes, is it working with FE config ?

    I'm not sure about L2 vlan mgmt with FE VXLAN. 
    But i can confirm that you can't reach the vlan mgmt interface if your stream is routed localy.
    if you reach the target device from same vlan, it works.
    Host - - (vlan 10) - - Router - - - (vlan mgmt) - - - VSP : OK
    if your reach the target node from another vlan and it need to be routed on the target node to reach the mgmt vlan, it's not possible. 
    Host - - (vlan 10) - - - VSP (vlan mgmt) : NOK
    In routed mode, you need to use a CLIP mgmt interface, which is bounded on the routing table (GRT) and redistributed with IPshortcut is configured. 
    Host - - (vlan 10) - - VSP (CLIP mgmt) : OK



  • 3.  RE: Access to mgmt VLAN in FE environment

    Posted 6 days ago
    Hi Theo, and thank you for your help.

    Yes, here is my FE configuration for one VSP (identical for the others, just IP addresses are different):

    ip vrf FE vrfid 511
    router bfd enable
    int gi 1/48
    encapsulation dot1q
    vrf FE
    brouter port 1/48 vlan 500 subnet
    ip bfd enable
    int loopback 1
    ip address
    router isis
    ip-tunnel-source-address vrf FE
    logical-intf isis 1 dest-ip name "INTERCONNECTION_FE"
    isis spbm 1
    isis enable
    bfd enable

    I don't have tried with CLIP address because my Fabric setup is for now connected to a legacy network and the wish is to use same subnet for the VSPs than for conventional switches. But maybe you have a great idea for a such setup...


  • 4.  RE: Access to mgmt VLAN in FE environment

    Posted 4 days ago
    Are you redistributing your mgmt vlan in the isis routes?

  • 5.  RE: Access to mgmt VLAN in FE environment

    Posted 3 days ago
    Edited by rodjeur70 3 days ago
    Hi Miguel,

    Not at all. How can I do that ?


  • 6.  RE: Access to mgmt VLAN in FE environment

    Posted 2 days ago
    This should do the trick,

    router isis
    redistribute direct
    redistribute direct enable
    isis apply redistribute direct