ExtremeSwitching (VSP)

  • 1.  Access to mgmt VLAN in FE environment

    Posted 11 days ago
    Hi everybody,

    I have a setup with 4 VSP into a SPBm Fabric as this:


    Segmented mgmt interface is configured for each one via in band VLAN propagated as a standard L2VSN.

    mgmt vlan X
    ip address 10.0.0.Y/24
    enable​

    I can ping/ssh:
    • A to C and B
    • B to A and D
    • C to A and D
    • D to B and C
    • H (its a PC via an access port tagged into mgmt VLAN) to C
    but all other pings/ssh accesses fail.

    I have two questions:
    • is it normal ? I've tried to replace each FE adjacencies by FC and all works fine (I suspect that enabling FE VXLAN "transforms" the VSP to L3 switches)
    • configuring for each VSP the same IP address as mgmt VLAN directly into in band VLAN:
    int vlan X
    ip addresse 10.0.0.Y/24
    exit​

             allows ping/ssh between all devices and PC H but not from an another subnet which could be configured via routing:

    mgmt vlan
    ip route 0.0.0.0 0.0.0.0 next_hop 10.0.0.254
    exit

    or

    ip route 0.0.0.0 0.0.0.0 10.0.0.254


    Thanks for your help.

    Rodjeur



  • 2.  RE: Access to mgmt VLAN in FE environment

    Posted 10 days ago
    Hello Rodjeur, 

    Can you share your FE configuration ? 
    Did you try to config a mgmt CLIP interface ? if yes, is it working with FE config ?

    I'm not sure about L2 vlan mgmt with FE VXLAN. 
    But i can confirm that you can't reach the vlan mgmt interface if your stream is routed localy.
    if you reach the target device from same vlan, it works.
    Host - - (vlan 10) - - Router - - - (vlan mgmt) - - - VSP : OK
    if your reach the target node from another vlan and it need to be routed on the target node to reach the mgmt vlan, it's not possible. 
    Host - - (vlan 10) - - - VSP (vlan mgmt) : NOK
    In routed mode, you need to use a CLIP mgmt interface, which is bounded on the routing table (GRT) and redistributed with IPshortcut is configured. 
    Host - - (vlan 10) - - VSP (CLIP mgmt) : OK

    Regards, 

    Théo


  • 3.  RE: Access to mgmt VLAN in FE environment

    Posted 10 days ago
    Hi Theo, and thank you for your help.

    Yes, here is my FE configuration for one VSP (identical for the others, just IP addresses are different):

    ip vrf FE vrfid 511
    router bfd enable
    
    int gi 1/48
    encapsulation dot1q
    vrf FE
    brouter port 1/48 vlan 500 subnet 192.168.1.1/24
    ip bfd enable
    exit
    
    int loopback 1
    ip address 192.168.2.1/255.255.255.255
    exit
    
    router isis
    ip-source-address 192.168.2.1
    ip-tunnel-source-address 192.168.1.1 vrf FE
    exit
    
    logical-intf isis 1 dest-ip 192.168.1.2 name "INTERCONNECTION_FE"
    isis
    isis spbm 1
    isis enable
    bfd enable
    exit


    I don't have tried with CLIP address because my Fabric setup is for now connected to a legacy network and the wish is to use same subnet for the VSPs than for conventional switches. But maybe you have a great idea for a such setup...

    Rodjeur




  • 4.  RE: Access to mgmt VLAN in FE environment

    Posted 8 days ago
    Rodjeur,
    Are you redistributing your mgmt vlan in the isis routes?
    Mig


  • 5.  RE: Access to mgmt VLAN in FE environment

    Posted 7 days ago
    Edited by rodjeur70 7 days ago
    Hi Miguel,

    Not at all. How can I do that ?

    Rodjeur


  • 6.  RE: Access to mgmt VLAN in FE environment

    Posted 6 days ago
    This should do the trick,

    router isis
    redistribute direct
    redistribute direct enable
    exit
    isis apply redistribute direct

    Mig