ExtremeSwitching (VSP)

  • 1.  Access to mgmt VLAN in FE environment

    Posted 11 days ago
    Hi everybody,

    I have a setup with 4 VSP into a SPBm Fabric as this:

    Segmented mgmt interface is configured for each one via in band VLAN propagated as a standard L2VSN.

    mgmt vlan X
    ip address 10.0.0.Y/24

    I can ping/ssh:
    • A to C and B
    • B to A and D
    • C to A and D
    • D to B and C
    • H (its a PC via an access port tagged into mgmt VLAN) to C
    but all other pings/ssh accesses fail.

    I have two questions:
    • is it normal ? I've tried to replace each FE adjacencies by FC and all works fine (I suspect that enabling FE VXLAN "transforms" the VSP to L3 switches)
    • configuring for each VSP the same IP address as mgmt VLAN directly into in band VLAN:
    int vlan X
    ip addresse 10.0.0.Y/24

             allows ping/ssh between all devices and PC H but not from an another subnet which could be configured via routing:

    mgmt vlan
    ip route next_hop


    ip route

    Thanks for your help.


  • 2.  RE: Access to mgmt VLAN in FE environment

    Posted 10 days ago
    Hello Rodjeur, 

    Can you share your FE configuration ? 
    Did you try to config a mgmt CLIP interface ? if yes, is it working with FE config ?

    I'm not sure about L2 vlan mgmt with FE VXLAN. 
    But i can confirm that you can't reach the vlan mgmt interface if your stream is routed localy.
    if you reach the target device from same vlan, it works.
    Host - - (vlan 10) - - Router - - - (vlan mgmt) - - - VSP : OK
    if your reach the target node from another vlan and it need to be routed on the target node to reach the mgmt vlan, it's not possible. 
    Host - - (vlan 10) - - - VSP (vlan mgmt) : NOK
    In routed mode, you need to use a CLIP mgmt interface, which is bounded on the routing table (GRT) and redistributed with IPshortcut is configured. 
    Host - - (vlan 10) - - VSP (CLIP mgmt) : OK



  • 3.  RE: Access to mgmt VLAN in FE environment

    Posted 10 days ago
    Hi Theo, and thank you for your help.

    Yes, here is my FE configuration for one VSP (identical for the others, just IP addresses are different):

    ip vrf FE vrfid 511
    router bfd enable
    int gi 1/48
    encapsulation dot1q
    vrf FE
    brouter port 1/48 vlan 500 subnet
    ip bfd enable
    int loopback 1
    ip address
    router isis
    ip-tunnel-source-address vrf FE
    logical-intf isis 1 dest-ip name "INTERCONNECTION_FE"
    isis spbm 1
    isis enable
    bfd enable

    I don't have tried with CLIP address because my Fabric setup is for now connected to a legacy network and the wish is to use same subnet for the VSPs than for conventional switches. But maybe you have a great idea for a such setup...


  • 4.  RE: Access to mgmt VLAN in FE environment

    Posted 8 days ago
    Are you redistributing your mgmt vlan in the isis routes?

  • 5.  RE: Access to mgmt VLAN in FE environment

    Posted 7 days ago
    Edited by rodjeur70 7 days ago
    Hi Miguel,

    Not at all. How can I do that ?


  • 6.  RE: Access to mgmt VLAN in FE environment

    Posted 6 days ago
    This should do the trick,

    router isis
    redistribute direct
    redistribute direct enable
    isis apply redistribute direct