Re: Nexus Vrf

From: Ryan West <rwest_at_zyedge.com>
Date: Sat, 31 Mar 2012 01:14:36 +0000

Dada,

You're leaving off the physical cabling. As you mentioned, there is no inter-VRF communication and you have no management switches, so you're left with cabling the Nexus switches to one another as access ports in with either the locally connected SVI or HSRP as the default out. It's not a best practice design, but sometimes you have to make do with what you've got.

Sent from handheld

On Mar 30, 2012, at 7:44 PM, "OLUSEGUN DADA " <engrenny_at_hotmail.com> wrote:

> Hello Joe,
> Yes, no management network. From your explanation and my research, it has become clear to me that you cannot use the mgmt 0 interface for management traffic unless it is connected to a management network. Hope I am right!
>
> Ryan proposed configuring an SVI (VRF different from mgmt) in the subnet with the mgmt 0 interface, then configuring a default route for the mgmt VRF pointing to the SVI IP address. What is your take on that?
>
> They are connected using crossover cable.
>
> What do you mean by more VRFs? Presently we can configure more VRFs, but no inter-VRF communication.
>
> For the default route, we need to include the next hop IP address to the exit interface.
>
> Regards
> Dada Olusegun
> CCIE#32395, CEH, JNCIS
>
> Sent from my BlackBerry Smartphone, from Etisalat.
>
> -----Original Message-----
> From: Joe Sanchez <marco207p_at_gmail.com>
> Date: Fri, 30 Mar 2012 23:16:53
> To: <rwest_at_zyedge.com>
> Cc: <engrenny_at_hotmail.com>; <ccielab_at_groupstudy.com>
> Subject: Re: Nexus Vrf
>
> This is absolutely doable and you can manage your 5500 through the in-band network; however, as I mentioned, it is better to use the management VRF as your point of management and logging and such. You stated that you did not have an out-of-band management network? Are your 5548's connected via a cross-over cable? If you are using a switch between the 5548's (recommended x2), can you not use these switches as your management? But nonetheless, here is a config you can use for your in-band management of your 5548's.
>
> Until Cisco allows more VRFs on the 5500 switches we are stuck with these types of deployed solutions.
>
>
> ##############################################################################
> vrf context management
>   !! no route here
>
> vlan 200
>   name SWITCH-MGMT-VLAN
>
> vpc domain 25
>   role priority 1000
>   system-priority 2000
>   peer-keepalive destination 1.1.1.2 source 1.1.1.1
>   peer-config-check-bypass
>   peer-gateway
>   auto-recovery
>
> interface Vlan200
>   des INBAND MANAGEMENT
>   no shutdown
>   no ip redirects
>   ip address 10.1.1.1/24
>
> interface mgmt0
>   des USED FOR PEER-KEEPALIVE / vPC-PEER-LINK
>   vrf member management
>   ip address 1.1.1.1/30
>
> ip route 0.0.0.0/ vlan 200
>
> You're gonna have to check on the route for default, as I can't recall the exact syntax, but it should be something like above.
>
> Joe Sanchez
>
>
> On Fri, Mar 30, 2012 at 10:19 AM, Ryan West <rwest_at_zyedge.com> wrote:
>
> On Fri, Mar 30, 2012 at 11:09:29, OLUSEGUN DADA wrote:
>> Subject: Re: Nexus Vrf
>>
>
>> Apart from bridging and connecting the management interface to the
>> network, is there no other way to make the management reachable
>> through routing?
>>
>> I am thinking of adding all the interfaces and routing protocols to the
>> management VRF. What is your thought about that? Is it OK?
>>
>
> Route leaking between VRFs on the 5500 isn't supported yet, so I think you're stuck at a physical cable. Not sure about routing protocols, but since you won't really be routing through the mgmt VRF, I guess I don't see the point.
>
> -ryan

Received on Sat Mar 31 2012 - 01:14:36 ART
