04-19-2023 08:46 AM
We have multiple sites where site connectivity is provided over third-party managed infrastructure providing multiple VRFs/VLANs and subnets over a single uplink.
Typically there is an internally facing VLAN and Subnet with access to internal DNS, DHCP and hence XIQ-SE plus an externally facing VLAN and subnet for public use with no access to internal DNS and no access to XIQ-SE. This has access to externally hosted DHCP and public DNS.
When onboarding X435-8P switches 'out of the box' they pick up addresses on both VLANs. We were under the impression that the switch should try each until a connection to XIQ-SE is established. However, traceroute from the switch shows that this is being restricted to just the public interface - hence not only can the address of our XIQ-SE server not be determined as there is no access to internal DNS but also the server itself is inaccessible anyway.
Connecting to an intermediate device to filter out Public access gives us a workaround - but won't always be possible. Nor will disabling the Public DHCP be an option as that would interrupt access to vital public services.
Switches come 'out of the box' with OS 31.7.1.4 patch1-77