Solved: Re: FastEthernet 1 on Cisco 4500-X

k.mullenberg · ‎12-18-2013

So I am trying to get the FastEthernet 1 interface on my two 4500-X switches configued with a management VLAN IP. I have configured them with an IP Address and have the switchport they are connected to set to an access switchport for the management VLAN.

I am not certain why I am not able to get the devices to connect to the rest of the network so that I can manage them via the IP on FA1. It is a very simple config.

dc4500x-2#show run int fa1

Interface FastEthernet 1

vrf forwarding mgmtvrf

IP Address x.x.x.x x.x.x.x

speed auto

duplex auto

This interface is connecting to a 6509E

AdminCore-6509E#show run int g1/48

interface GigabitEthernet1/48

description dc4500x-2

switchport

switchport access vlan 30

no ip address

end

What is it that I am missing? I can ping the 4500 from the 6509 but I cannot ping the 6509 from the 4500. Nor can I ping the 4500 from a laptop on the network.

Jon Marshall · ‎12-18-2013

Kris

Sorry, can you try -

ip route vrf mgmtvrf 0.0.0.0 0.0.0.0

Jon

View solution in original post

John Blakley · ‎12-18-2013

You'd need to have a vrf that you're attaching your interface to.

Do a "show ip vrf" and see if it comes back with anything; if not, you'll need to create it.

ip vrf mgmtvrf

rd 1:1

route-target both 1:1

The 1:1 are identifiers to determine what routes to pull into and export out of the vrf. Then do everything that Jon mentions above.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎12-18-2013

I don't have a config like this, but when you put an address on an interface, it takes that interface and puts it into an internal vlan and assigns it to the port. That vlan won't match to what you have configured. What you should do is create an svi for vlan 30 and then add that interface to your vrf.

int vlan 30

vrf forwarding mgmtvrf

ip address

no ip address on fa1, but add it to vlan 30.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

k.mullenberg · ‎12-18-2013

I do not see where you can add the fa1 interface to vlan 30. Nor can I set vrf forwarding on the vlan interface with this switch.

Jon Marshall · ‎12-18-2013

Kris

To ping the 6509 from the 4500 try -

ping vrf mgmtvrf x.x.x.x <--- where x.x.x.x is the 6509 IP

To be able to reach it from a remote network ie. your laptop add a default route to the vrf ie.

"ip route 0.0.0.0 0.0.0.0 y.y.y.y vrf mgmtvrf" <---- where y.y.y.y is presumably is the next hop IP of the subnet you used on the fa1 interface on the 4500.

Note - make sure you add the "vrf mgmtvrf" bit at the end of the ip route statement or it will add it to the global routing table and that could break everything.

To check the vrf routing table - "sh ip route vrf mgmtvrf"

Jon

k.mullenberg · ‎12-18-2013

I looked at adding that and the only options are as follows:

<1-255> Distance metric for this route

multicast multicast route

name Specify name of the next hop

permanent permanent route

tag Set tag for this route

track Install route depending on tracked item

What I have input is as follows:

ip route 0.0.0.0 0.0.0.0 x.x.0.1 vrf mgmtvrf

This errors out at the begining of "vrf...." So I looked at the options after inputting the next hop IP.

Jon Marshall · ‎12-18-2013

Kris

Sorry, can you try -

ip route vrf mgmtvrf 0.0.0.0 0.0.0.0

Jon

k.mullenberg · ‎12-18-2013

I can input that information but then get the following. I will say that this part is a bit out of what I am normally used to.

"vrf mgmtvrf does not exist. Create first."

So the assistance of others here is greatly appriciated. :-) I guess I may also need to further consult the senior Network guy (aka google / Cisco documentation).

John Blakley · ‎12-18-2013

You'd need to have a vrf that you're attaching your interface to.

Do a "show ip vrf" and see if it comes back with anything; if not, you'll need to create it.

ip vrf mgmtvrf

rd 1:1

route-target both 1:1

The 1:1 are identifiers to determine what routes to pull into and export out of the vrf. Then do everything that Jon mentions above.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

k.mullenberg · ‎12-18-2013

So two parts here and THANK YOU for the assistance.

interface FastEthernet1

vrf forwarding mgmtVrf

ip address x.x.0.102 255.255.255.0

speed auto

duplex auto

end

&

switch#(config)#do show ip vrf

Name Default RD Interfaces

Liin-vrf

mgmtVrf Fa1

&

ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 x.x.0.1

With these options I am now able to ping the FA1 interface from laptop on a different VLAN.

Again thanks for the help.

Jon Marshall · ‎12-18-2013

Kris

The documentation is a bit cryptic to be honest (i have just checked it). I also did a quick search and found a post for 4500-X management port and they had added that route for the vrf. Basically your switch is saying to create the vrf with -

4500(config)# ip vrf mgmtvrf

but i wouldn't do that because i'm not sure what might break. The IPBase license does not support VRF-Lite which is basically what this is but i'm not sure how you are meant to get to the mgmt port otherwise unless Cisco meant you to only connect via a device in the same subnet.

The docs are cryptic ie. they show a mgmt device connected a number of hops away and then say that only the 4900s support routing protocols on the mgmt port. It's unclear whether they mean dynamic routing protocols or not.

I suspect you do need to create the vrf in the config as above but the docs are so vague i can't promise it wouldn't affect the switch.

Jon