This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric Engine with Mgmt CLIP and NAT Firewall

Fabric Engine with Mgmt CLIP and NAT Firewall

RobertD1
Contributor II

‎10-21-2022 09:10 AM

Hello,

If the general rule is to use CLIP as management interface for Fabric Engine with Segmented Management Interface when using L3 BEB or L3 non-fabric how can a connection be established using a NAT enabled Firewall?

Would we add a Mgmt VLAN and add it to the uplink to the Firewall so that it can be NATd?

I think this is the only option and would allow access to the CPU using a mgmt VLAN. We can have multiple management interfaces after all. With L3 enabled switch the mgmt VLAN would not be accessible from other local VLAN IP interfaces.

Thanks,

Rob

0 Kudos
2 REPLIES 2

RobertD1
Contributor II

‎10-24-2022 05:40 AM

Thanks Mig

0 Kudos

Miguel-Angel_RO
Valued Contributor II

‎10-24-2022 12:22 AM

Robert,

You either use mgmt VLAN or mgmt CLIP.

If you use CLIP, there is no need to add a VLAN on the firewall, just a route would be needed (+ security policies).

Be carefull with Natting mgmt interface because it is the one used for Radius and XIQ-SE snmp communication.

You can also work with the same mgmgt VLAN for all your switches but again, the NATting could cause trouble with Radius and XIQ-SE snmp communication.

 

Mig

0 Kudos
GTM-P2G8KFN