Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Nexus inband management

Hi,

          we have e requirement for a Nexus 5000 switch to be accessed and managed inband, ie the Management interface can't be connected to the rest of our networks management VLAN because the switch is remote and only connected via fibre. We have enabled the interface VLAN feature and configured an interface VLAN but can't seem to PING the IP address configured on it ?  Does anyone have any idea why or has an example config for this situation.

Thanks in advance.

Kevin.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Nexus inband management

Like I said before, you need the default route in the global table. Configuring a route in vrf context management is not going to work nor assigning VLAN 91 in management VRF (this is not allowed).

Please do the following and re-test:

vrf context management

  no ip route 0/0 131.185.91.1

  exit

ip route 0/0 131.185.91.1

HTH,

jerry

Cisco Employee

Nexus inband management

It is because you are missing this command:

aaa authentication login default group VTY_LOGIN

Regards,

jerry

10 REPLIES
VIP Super Bronze

Nexus inband management

Hi,

If you are trying to use the 5K as a layer-3 device, then you need to install layer 3 daughter card.

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html

HTH

Cisco Employee

Nexus inband management

Do you have a route? You should still able to point a default route out from the global table without the L3 daughter card with interface VLAN.

Regards,

jerry

Cisco Employee

Nexus inband management

What is the exact Nexus 5K model that you have? Is it 5010/5020 or 55xx?

5010/5020 are the L2 switches only. You can create a VLAN interface and then use a default route to upstream gateway for the in-band management. You need to enable feature " telnet " or " ssh" for the inband management.

For out of band management, your Management interface will be in its own VRF. You can take the management interface on N5K and loop it back to one of the ethernet port on the Nexus 5000 as well and have that dedciated vlan for management only. It should work that way. I have used that in the past and worked for me.

HTH,

-amit singh

New Member

Nexus inband management

Guys,

               I have a 5020 and have configured a route under the "vrf context management", something like this:

vrf context management

  ip route 0.0.0.0/0 131.185.91.1

vpc domain 1

  peer-keepalive destination 131.185.91.153

!

interface vlan 91

ip address 131.185.91.154 255.255.255.0

Is the context management the route I need or do I need an independant route for the VLAN  ?

Kevin.

Cisco Employee

Re: Nexus inband management

Like I said before, you need the default route in the global table. Configuring a route in vrf context management is not going to work nor assigning VLAN 91 in management VRF (this is not allowed).

Please do the following and re-test:

vrf context management

  no ip route 0/0 131.185.91.1

  exit

ip route 0/0 131.185.91.1

HTH,

jerry

New Member

Nexus inband management

Thanks Jerry, you were correct. I configured a normal route and that worked. I was leaning towards this answer as my previous post suggested but it is always nice to have some sound advice.

Thanks

Kevin.

Cisco Employee

Nexus inband management

Not a problem, I am glad that this solve your problem.

Regards,

jerry

New Member

Nexus inband management

Jerry,

               any idea why my TACACS authentication isn't working ?  I've added the device in my server x.x.x.x

tacacs-server key "removed"

ip tacacs source-interface Vlan91

tacacs-server host x.x.x.x

aaa group server tacacs+ VTY_LOGIN

    server x.x.x.x

    source-interface Vlan91

Kevin.

Cisco Employee

Nexus inband management

It is because you are missing this command:

aaa authentication login default group VTY_LOGIN

Regards,

jerry

New Member

Nexus inband management

Thankyou Jerry,

                                   you are correct again. Nice work.

Kevin.

2691
Views
0
Helpful
10
Replies