Re: Nexus Vrf

Hello Joe,
Yes no management network. From your explanation and my research, it is been clear to me that you cannot use the mgmt 0 interface for management traffic unless it is connected to a management network. Hope I am right!

Ryan proposed configuring a SVI (vrf different from mgmt) in the subnet with the mgmt 0 interface then configuring a default route for the mgmt Vrf pointing the SVI ip address. What is your take on that?

They are connected using crossover cable.
 
What do u mean by more Vrfs? Presently we can configure more Vrfs, but no inter Vrf communication.

For the default route, we need to include the next hop IP address to the exit interface.

Regards
Dada Olusegun
CCIE#32395, CEH, JNCIS

Sent from my BlackBerry. Smartphone, from Etisalat.

-----Original Message-----
From: Joe Sanchez <marco207p_at_gmail.com>
Date: Fri, 30 Mar 2012 23:16:53
To: <rwest_at_zyedge.com>
Cc: <engrenny_at_hotmail.com>; <ccielab_at_groupstudy.com>
Subject: Re: Nexus Vrf

This is absolutely doable and you can manage your 5500 through the in-band network, however as I mentioned it is better to use the Mangement vrf as your point of management and logging and such. You stated that you did not have a out-of-band management network? Are your 5548's connected via a cross-over cable? if you are using a switch between the 5548's (recommended x2) can you not use these switches as your management. But none the less.. here is a config you can use for your in band mangement of your 5548's.
 
Until Cisco allows more VRF's on the 5500 switches we are stuck with these types of deployed solutions.
 
 
##############################################################################
vrf context management
!! no route here

vlan 200
  name SWITCH-MGMT-VLAN

vpc domain 25
  role priority 1000
  system-priority 2000
  peer-keepalive destination 1.1.1.2 source 1.1.1.1
   peer-config-check-bypass
  peer-gateway
  auto-recovery
 
interface Vlan200
  des INBAND MANAGEMENT
  no shutdown
  no ip redirects
  ip address 10.1.1.1/24 <http://10.1.1.1/24>
 
interface mgmt0
 des USED FOR PEER-KEEPALIVE / vPC-PEER-LINK
  vrf member management
  ip address 1.1.1.1/30 <http://1.1.1.1/30>
 
ip route 0.0.0.0/ <http://0.0.0.0/> vlan 200
 
Your gonna have to check on the route for default, as I can't recall the exact syntax but it should be something like above.
 
Joe Sanchez

On Fri, Mar 30, 2012 at 10:19 AM, Ryan West <rwest_at_zyedge.com <mailto:rwest_at_zyedge.com> > wrote:
 
On Fri, Mar 30, 2012 at 11:09:29, OLUSEGUN DADA wrote:
> Subject: Re: Nexus Vrf
>
 
> Apart from bridging and connecting the management interface to the
> network, is there no other way to make the management reachable
> through routing.
>
> Am thinking of adding all the interface and routing protocol to the
> management Vrf. What is thought about that. Is it O.K
>
 
 Route leaking between VRF's on the 5500 isn't supported yet, so I think you're stuck at a physical cable. Not sure about routing protocols, but since you won't really be routing through the mgmt VRF, I guess I don't see the point.
 
 -ryan

Blogs and organic groups at http://www.ccie.net
Received on Fri Mar 30 2012 - 23:43:27 ART