This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Access to mgmt VLAN in FE environment

Access to mgmt VLAN in FE environment

Jave
Contributor

‎11-22-2021 10:04 AM

Hi everybody,

I have a setup with 4 VSP into a SPBm Fabric as this:

2fc35d240ae147f8b2aad1e13fef049d.png
Segmented mgmt interface is configured for each one via in band VLAN propagated as a standard L2VSN.

mgmt vlan X
ip address 10.0.0.Y/24
enable​

I can ping/ssh:
  • A to C and B
  • B to A and D
  • C to A and D
  • D to B and C
  • H (its a PC via an access port tagged into mgmt VLAN) to C
but all other pings/ssh accesses fail.

I have two questions:
  • is it normal ? I've tried to replace each FE adjacencies by FC and all works fine (I suspect that enabling FE VXLAN "transforms" the VSP to L3 switches)
  • configuring for each VSP the same IP address as mgmt VLAN directly into in band VLAN:
int vlan X
ip addresse 10.0.0.Y/24
exit​

         allows ping/ssh between all devices and PC H but not from an another subnet which could be configured via routing:

mgmt vlan
ip route 0.0.0.0 0.0.0.0 next_hop 10.0.0.254
exit

or

ip route 0.0.0.0 0.0.0.0 10.0.0.254


Thanks for your help.

Rodjeur

0 Kudos
5 REPLIES 5

TQU
Contributor

‎11-23-2021 04:22 AM

Hello Rodjeur, 

Can you share your FE configuration ? 
Did you try to config a mgmt CLIP interface ? if yes, is it working with FE config ?

I'm not sure about L2 vlan mgmt with FE VXLAN. 
But i can confirm that you can't reach the vlan mgmt interface if your stream is routed localy.
if you reach the target device from same vlan, it works.
Host - - (vlan 10) - - Router - - - (vlan mgmt) - - - VSP : OK
if your reach the target node from another vlan and it need to be routed on the target node to reach the mgmt vlan, it's not possible. 
Host - - (vlan 10) - - - VSP (vlan mgmt) : NOK
In routed mode, you need to use a CLIP mgmt interface, which is bounded on the routing table (GRT) and redistributed with IPshortcut is configured. 
Host - - (vlan 10) - - VSP (CLIP mgmt) : OK

Regards, 

Théo
0 Kudos

Jave
Contributor
In response to TQU

‎11-23-2021 05:58 AM

Hi Theo, and thank you for your help.

Yes, here is my FE configuration for one VSP (identical for the others, just IP addresses are different):

ip vrf FE vrfid 511
router bfd enable

int gi 1/48
encapsulation dot1q
vrf FE
brouter port 1/48 vlan 500 subnet 192.168.1.1/24
ip bfd enable
exit

int loopback 1
ip address 192.168.2.1/255.255.255.255
exit

router isis
ip-source-address 192.168.2.1
ip-tunnel-source-address 192.168.1.1 vrf FE
exit

logical-intf isis 1 dest-ip 192.168.1.2 name "INTERCONNECTION_FE"
isis
isis spbm 1
isis enable
bfd enable
exit


I don't have tried with CLIP address because my Fabric setup is for now connected to a legacy network and the wish is to use same subnet for the VSPs than for conventional switches. But maybe you have a great idea for a such setup...

Rodjeur

0 Kudos

Miguel-Angel_RO
Valued Contributor II
In response to Jave

‎11-25-2021 04:32 AM

Rodjeur,
Are you redistributing your mgmt vlan in the isis routes?
Mig
0 Kudos

Jave
Contributor
In response to Miguel-Angel_RO

‎11-26-2021 05:50 AM

Hi Miguel,

Not at all. How can I do that ?

Rodjeur
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN