I have a M3 series controller, and would like to utilize it's ethernet management interface. I assume I will need to add a static route for the the defualt route of the VLAN I am going to use for the management interface.
I already have a static route (default route) added for the controllers production IP address (differing vlan than out-of-band management). To ensue that I have management access to the device when the production network goes down, do I simply have to add a second static (default gateway) route, with a higher cost? Will adding a second default gateway (static route) impact the current production default gateway?
The management interface is designed to be standalone and out of band. You should not be able to route any traffic through it from any other interface. It expects to be standalone.
Thanks for your reply Cjoseph,
During a previous change window, while taking down the interface of our production interface (which provides our production LMS IP) on our M3 Controller, even the management interface became unavailable. The management interface is configured with a subnet and IP unrealted to prod (the mgmt is out of band), and is connected to an out of band switch (access port with a OOB vlan assigned).
I assumed I was unable to connect to the mgmt interface because I was trying to connect to connect to it from a PC on a separate VLAN/subnet, and while traffic presumably could reach the mgmt interface (when the main interfaces were down), it could not send anything back as it had no knowledge of a default gateway to use to send traffic off of its OOB subnet. I should have tried dropping my PC on the OOB vlan to test this out.
It seemed odd to be that while our prod trunks/interfaces were offline, the mgmt interface was down too, which is what lead me to think that a default gateway for the OOB subnet is required so I can speak to the management from other VLANs while our main links (and their default gateway) is down.
Am I wrong in my thinking?
Ah, so mgmt is isolated in the sense that any default/static/learned routes configured on the controller are used only for the standard (non-management interfaces)?
@cappalli wrote:When your main LMS IP is up and you have a default route set on thecontroller, your return traffic may get to the client if it is routablethrough the rest of your upstream network.
You're right - it is hard to put this into writing, but your above statement makes fits with what I assumed was happening during this attempted change. The necessary routing upstream is in place to allow return traffic via the prod default gateway, as the OOB vlan is not isolated (I know... I know) and one of our cores provides inter-vlan routing to it.
Hopefully during testing tomorrow this is the answer.
Thanks so much for your time.
The OOB "mgmt" interface can be configured with a default gateway specifically for routing "mgmt" traffic only.
Here's my config:
I have a "mgmt" ip address of 10.10.10.1 and a default gateway of 10.10.10.254 that will apply ONLY to "mgmt" interface traffic.
(MM1) [mynode] #show ip interface brief
Interface IP Address / IP Netmask Admin Protocol VRRP-IPvlan 1 192.168.1.240 / 255.255.255.0 up uploopback unassigned / unassigned up upmgmt 10.10.10.1 / 255.255.255.0 up up(MM1) [mynode] #show ip route
Codes: C - connected, O - OSPF, R - RIP, S - static, B - Bgw peer uplinkM - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/BranchI - Ike-overlay, N - not redistributed
Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10Gateway of last resort is 192.168.1.1 to network 0.0.0.0 at cost 1S* 0.0.0.0/0 [0/1] via 192.168.1.1*C 192.168.1.0/24 is directly connected, VLAN1C 192.168.1.241/32 is an ipsec map default-local-master-ipsecmapM 10.10.10.0/24 is directly connected to mgmt interface
Management Gateway of last resort is 10.10.10.254 to network 0.0.0.0M* 0.0.0.0/0 via 10.10.10.254*
To do this set the ip address on the "mgmt" interface then execute the command:
(MM1) [mynode] #ip default-gateway mgmt x.x.x.x
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.