09-04-2009 11:31 AM - edited 03-04-2019 05:57 AM
We're toying around with the (probably inadvisable) option of using a subif on the RP management port on an ASR to get a BGP session around our 3rd-party packet filters.
The main interface gi0 locks itself into the Mgmt-intf vrf, but it allows subifs to be defined and all the normal dot1q commands take on the subinterfaces fine. Routes appear as expected, in the global vrf, for the subif.
Encap dot1q commands cannot be applied to gi0 directly, but it does show "dot1q vlan 1" as its encap in show interface -- which is fun because actually it's sending and receiving native packets on the main if, not tagged vlan1 packets, and that personality of the interface seems to be working fine despite this.
Other than that, it all looks like it should work, but ARP seems broken somehow. You can see packets (probably ARPs) arriving from the ASR and returning to it, but anything pinged on the subif network remains incomplete in the global ARP table. From the appearance of the mac address tables and arp tables on the rest of the equipment it looks like ARP queries and replies that enter gi0 tagged with vlan ZZZ are being dropped.
Is there something extra to configure on this chassis? Or is this usage of the RP interface not allowed, despite the commands not complaining when applied?
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address XXXXXXX 255.255.255.0
 negotiation auto
end
interface GigabitEthernet0.ZZZ
 encapsulation dot1Q ZZZ
 ip address YYYYYYY 255.255.255.248
 no cdp enable
 arp probe interval 10 count 5
end
GigabitEthernet0 is up, line protocol is up
  Hardware is RP management
  ...
  Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
  ...
  ARP type: ARPA, ARP Timeout 04:00:00
GigabitEthernet0.ZZZ is up, line protocol is up
  Hardware is RP management port,
  ....
  Encapsulation 802.1Q Virtual LAN, Vlan ID ZZZ.
  ARP type: ARPA, ARP Timeout 04:00:00
Hrm, maybe I'll try putting Gi0.ZZZ into a vrf...
09-05-2009 12:28 PM
Hello Brian,
A colleague of mine had bad experiences trying to use the mgmt port on a GSR.
Management ports are there only to be used for out-of-band management on these high-end devices.
Features may or may not work and, what is very important, the risk is that all traffic is process switched, impacting the main CPU.
You could face other issues, for example problems in routing via the interface.
Hope this helps
Giuseppe
09-07-2009 12:21 PM
Yeah I figured it was just brokenness.
Though, as far as RP packets -- BGP's going to end up there anyway :-)