I have gotten my 5010s up and can get to them from mgmt0. The IP address for mgmt0 resides in VLAN 2 for me. I am getting ready to trunk my 5010s back to my 6500s. Do I need to make sure that VLAN 2 cannot be seen through the trunk ports since it resides on mgmt0?
If you are going to manage the Nexus switches in band, i.e. you need access to them remotely, and if the traffic is routed via the 6500 switches, then you would need to include VLAN 2 on the trunk, otherwise you won't be able to reach them.
If you are managing the Nexus switches out of band, i.e. you are not accessing them over the production network, then no, you don't need to include that VLAN on the trunk to the 6500s.
You say you can connect to the 5010s now on VLAN 2. This suggests you have either
1) another way to connect to them, i.e. not via the 6500s
2) you have only connected to them because your machine was in vlan 2.
It all depends on whether you need to use the 6500 switches to get to the 5010s remotely.
I don't think this is technically right: the MGMT and the data-path aren't actually connected. The mgmt0 port doesn't have any concept that it's on "vlan 2"; it's just an access port.
Similarly, if VLAN 2 is on the trunk port, the IP address you assigned to MGMT0 isn't going to respond.
If you configured "feature interface vlan" and then put an IP address on VLAN 2, you could manage this box that way, on two separate IP addresses, via the two separate connections.
With the current lack of ability to wrap ACLs around the Interface VLANs, I'm more comfortable NOT using interface-vlan commands, and using a single uplink to mgmt0. Loss of the mgmt0 port is now only loss of the ability to manage the switch, not a data-path impacting event. (Unless you need to configure the switch to correct a data-path issue, in which case you've got problems.)
The shift to out-of-band is a nice feature, but it's going to require a big shift in thinking from an implementation standpoint.
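The distinction drawn in this thread (mgmt0 is separate from the data path, while an addressed SVI or a trunk carrying the management VLAN is an in-band path) can be checked against a saved running-config. The following is an added example, not code from any of the posters; the config text is constructed, `audit` and its helpers are hypothetical names, and allowed-VLAN lists are assumed to be plain numbers and ranges.

```python
# Constructed NX-OS-style config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
interface mgmt0
  ip address 192.0.2.10/24
interface Vlan2
  ip address 198.51.100.10/24
interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 1-5,10
interface Ethernet1/2
  switchport mode trunk
  switchport trunk allowed vlan 10,20-30
interface Ethernet1/3
  switchport mode trunk
"""
ALLOWED = "switchport trunk allowed vlan "

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line[:1].isspace() and current:
            blocks[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def expand_vlans(spec):
    """Expand '1-5,10' to {1, 2, 3, 4, 5, 10}; assumes numbers and ranges only."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, mgmt_vlan):
    """List in-band paths to the switch: addressed SVIs and trunks carrying mgmt_vlan."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan") and any(c.startswith("ip address ") for c in cmds):
            findings.append(f"{name}: SVI has an IP address (in-band management)")
        if "switchport mode trunk" in cmds:
            lists = [c[len(ALLOWED):] for c in cmds if c.startswith(ALLOWED)]
            if not lists or mgmt_vlan in expand_vlans(lists[-1]):  # no list = all VLANs
                findings.append(f"{name}: trunk carries VLAN {mgmt_vlan}")
    return findings
```

`audit(SAMPLE_CONFIG, 2)` reports Vlan2, Ethernet1/1 and Ethernet1/3; mgmt0 is not reported because it is not an SVI or a trunk.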