Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Default route and Management Interface

Jump to Best Answer
  • 1.  Default route and Management Interface

    Posted Jan 17, 2014 03:34 PM

    I have a M3 series controller, and would like to utilize it's ethernet management interface. I assume I will need to add a static route for the the defualt route of the VLAN I am going to use for the management interface. 

     

    I already have a static route (default route) added for the controllers production IP address (differing vlan than out-of-band management). To ensue that I have management access to the device when the production network goes down, do I simply have to add a second static (default gateway) route, with a higher cost?  Will adding a second default gateway (static route) impact the current production default gateway?

     

     

    Thanks!



  • 2.  RE: Default route and Management Interface
    Best Answer

    Posted Jan 17, 2014 04:08 PM

    nMethod,

     

    The management interface is designed to be standalone and out of band.  You should not be able to route any traffic through it from any other interface.  It expects to be standalone.



  • 3.  RE: Default route and Management Interface

    Posted Jan 17, 2014 05:13 PM

    Thanks for your reply Cjoseph,

     

    During a previous change window, while taking down the interface of our production interface (which provides our production LMS IP) on our M3 Controller, even the management interface became unavailable. The management interface is configured with a subnet and IP unrealted to prod (the mgmt is out of band), and is connected to an out of band switch (access port with a OOB vlan assigned).

     

    I assumed I was unable to connect to the mgmt interface because I was trying to connect to connect to it from a PC on a separate VLAN/subnet, and while traffic presumably could reach the mgmt interface  (when the main interfaces were down), it could not send anything back as it had no knowledge of a default gateway to use to send traffic off of its OOB subnet. I should have tried dropping my PC on the OOB vlan to test this out.

     

    It seemed odd to be that while our prod trunks/interfaces were offline, the mgmt interface was down too, which is what lead me to think that a default gateway for the OOB subnet is required so I can speak to the management  from other VLANs while our main links (and their default gateway) is down.

     

    Am I wrong in my thinking?

     

     



  • 4.  RE: Default route and Management Interface

    Posted Jan 17, 2014 05:17 PM
    Yes. Management interfaces are effectively single broadcast domains because
    there is no default or static routes tied to that interface. Return traffic
    doesn't know where to go.

    You can play with ICMP redirects upstream but it gets messy.


  • 5.  RE: Default route and Management Interface

    Posted Jan 17, 2014 05:19 PM

    Ah, so mgmt is isolated in the sense that any default/static/learned routes configured on the controller are used only for the standard (non-management interfaces)?

     

     



  • 6.  RE: Default route and Management Interface
    Best Answer

    Posted Jan 17, 2014 05:32 PM
    Right. Its just an IP interface with a static route. If the management
    client is not in the same subnet, return traffic to the client will be
    dropped.

    When your main LMS IP is up and you have a default route set on the
    controller, your return traffic may get to the client if it is routable
    through the rest of your upstream network.

    This is hard to put into written form. Let me know if you need some
    clarification. We just went through building out a dark management network
    and discovered the same thing.


  • 7.  RE: Default route and Management Interface

    Posted Jan 17, 2014 05:40 PM

    @cappalli wrote:

    When your main LMS IP is up and you have a default route set on the
    controller, your return traffic may get to the client if it is routable
    through the rest of your upstream network.

    You're right - it is hard to put this into writing, but your above statement makes fits with what I assumed was happening during this attempted change. The necessary routing upstream is in place to allow return traffic via the prod default gateway, as the OOB vlan is not isolated (I know... I know) and one of our cores provides inter-vlan routing to it.

     

    Hopefully during testing tomorrow this is the answer.

     

    Thanks so much for your time.

     



  • 8.  RE: Default route and Management Interface

    Posted Jan 29, 2020 05:52 PM

     

    The OOB "mgmt" interface can be configured with a default gateway specifically for routing  "mgmt" traffic only. 

     

    Here's my config:

     

    I have a "mgmt" ip address of 10.10.10.1 and a default gateway of 10.10.10.254 that will apply ONLY to "mgmt" interface traffic.

     

    (MM1) [mynode] #show ip interface brief

    Interface IP Address / IP Netmask Admin Protocol VRRP-IP
    vlan 1 192.168.1.240 / 255.255.255.0 up up
    loopback unassigned / unassigned up up
    mgmt 10.10.10.1 / 255.255.255.0 up up
    (MM1) [mynode] #show ip route

    Codes: C - connected, O - OSPF, R - RIP, S - static, B - Bgw peer uplink
    M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/Branch
    I - Ike-overlay, N - not redistributed

    Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
    Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
    Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
    Gateway of last resort is 192.168.1.1 to network 0.0.0.0 at cost 1
    S* 0.0.0.0/0 [0/1] via 192.168.1.1*
    C 192.168.1.0/24 is directly connected, VLAN1
    C 192.168.1.241/32 is an ipsec map default-local-master-ipsecmap
    M 10.10.10.0/24 is directly connected to mgmt interface

    Management Gateway of last resort is 10.10.10.254 to network 0.0.0.0
    M* 0.0.0.0/0 via 10.10.10.254*

     

    To do this set the ip address on the "mgmt" interface then execute the command:

     

    (MM1) [mynode] #ip default-gateway mgmt x.x.x.x

     

    -enjoy