Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

nexus 4000 - chassis-management

Hi,

I'm trying to get my head around the 'management' vrf and the 'chassis-management' vrf, on my nexus 4000 blade centre switch.

If I have my chassis management vrf interface configured, which is mgmt1 interface, is there a good reason to configure up the 'mgmt0' interface on the management vrf?

I want to do ssh access, tacacs and snmp to manage the switch, and I was considering doing it all through the chassis-management interface, and leaving the mgmt0 interface blank. THe configs that are on this customers existing switches have the mgmt0 and mgmt1 interfaces set as the same IP Address, which I cant see being a good thing.

any advice welcome.

thanks, Simmo.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

nexus 4000 - chassis-management

It gets complicated. The way this works is that IBM designs and controls the chassis and Cisco designs the Nexus 4000 switches for their chassis. But IBM still wants to retain control over the chassis via an advanced management module or AMM.i.e. IBM feels they should be able to control the Nexus 4000 module via the Advanced Management Module.

There are 2 management ports on the nexus 4000: one external  10/100/1000BASE-T port (mgmt0) and one internal port (full-duplex 100 Mbps) [mgmt1] connected to the AMM.

There are 3 different VRFs (show vrf all)

• Default – Typically used for “in-band” management (not via mgmt0 or mgmt1 but a layer 3 vlan interface)
• Management – Used for “out-of-band” management by interface mgmt0. This is the typical mgmt port and VRF you would find on the nexus 7000.
• Chassis-management – Used for “out-of-band” management by interface mgmt1 (via AMM web GUI or pass through)

Because network engineers are used to managing switches via the CLI, I typically see mgmt1 in "shutdown force" and a static ip address on mgmt0 for out of band management via the front external mgmt 0 port. But if you want to manage the module via the IBM AMM GUI, then you should use the mgmt1 and allow the AMM to give it an ip address via the IO module static ip address and shut down mgmt0. If you want both, then they need 2 different ip addresses.

I believe that the AMM will allow "pass through" mode to the Nexus 4000 CLI so you can reach the CLI via it.

Further information:

http://www.redbooks.ibm.com/abstracts/tips0754.html

http://www.cisco.com/en/US/docs/switches/datacenter/nexus4000/nexus4000_i/sw/configuration/guide/rel_4_1_2_E1_1/sol.html#wp1072280

On previous blade switches without VRFs, it was possible to loop packets through the AMM and back into the network when it was mis-configured since this internal interface is never blocking. The AMM guide might give you more information since it treats the switch as an IO module.

2 REPLIES
Cisco Employee

nexus 4000 - chassis-management

It gets complicated. The way this works is that IBM designs and controls the chassis and Cisco designs the Nexus 4000 switches for their chassis. But IBM still wants to retain control over the chassis via an advanced management module or AMM.i.e. IBM feels they should be able to control the Nexus 4000 module via the Advanced Management Module.

There are 2 management ports on the nexus 4000: one external  10/100/1000BASE-T port (mgmt0) and one internal port (full-duplex 100 Mbps) [mgmt1] connected to the AMM.

There are 3 different VRFs (show vrf all)

• Default – Typically used for “in-band” management (not via mgmt0 or mgmt1 but a layer 3 vlan interface)
• Management – Used for “out-of-band” management by interface mgmt0. This is the typical mgmt port and VRF you would find on the nexus 7000.
• Chassis-management – Used for “out-of-band” management by interface mgmt1 (via AMM web GUI or pass through)

Because network engineers are used to managing switches via the CLI, I typically see mgmt1 in "shutdown force" and a static ip address on mgmt0 for out of band management via the front external mgmt 0 port. But if you want to manage the module via the IBM AMM GUI, then you should use the mgmt1 and allow the AMM to give it an ip address via the IO module static ip address and shut down mgmt0. If you want both, then they need 2 different ip addresses.

I believe that the AMM will allow "pass through" mode to the Nexus 4000 CLI so you can reach the CLI via it.

Further information:

http://www.redbooks.ibm.com/abstracts/tips0754.html

http://www.cisco.com/en/US/docs/switches/datacenter/nexus4000/nexus4000_i/sw/configuration/guide/rel_4_1_2_E1_1/sol.html#wp1072280

On previous blade switches without VRFs, it was possible to loop packets through the AMM and back into the network when it was mis-configured since this internal interface is never blocking. The AMM guide might give you more information since it treats the switch as an IO module.

New Member

nexus 4000 - chassis-management

thanks lawrence for your comprehensive answer. Cheers, Simmo.

898
Views
5
Helpful
2
Replies
CreatePlease login to create content