Vito_Corleone
Moderator
Posts:
9850
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Nexus Setup

Tue Jul 22, 2014 3:31 pm

Yeah, I think you're right that it's not overly complex. I just think adding any complexity or extra cost, for little quantifiable gain, can be a tough sell. Just for the record, I'm not saying that I would never deploy a true OOB management network. I'm just saying it's very rare to see in real life, and that it's even more rare to see an OOB deployment done completely (not touching prod, full external access, etc). Without doing it right, it's mostly pointless.

Thanks for a good discussion. I should come back to NF more often.
http://blog.alwaysthenetwork.com

footy
Member
Posts:
157
Joined:
Wed May 23, 2012 8:57 am

Re: Nexus Setup

Tue Jul 22, 2014 4:13 pm

Keep in mind in the case of a loop or anything that generates high device load it can actually hang the switch anyway, so you may want to make sure you have OOB to the power strips so you can hard down some devices too.

Reggle
Post Whore
Posts:
1956
Joined:
Sun May 15, 2011 4:16 pm
Certs:
CCNA Security, CCNP, CCDP

Re: Nexus Setup

Tue Jul 22, 2014 4:43 pm

Vito_Corleone wrote: Thanks for a good discussion. I should come back to NF more often.

You totally should!

footy wrote: Keep in mind in the case of a loop or anything that generates high device load it can actually hang the switch anyway, so you may want to make sure you have OOB to the power strips so you can hard down some devices too.

True. But that depends on 'know your switch' :-) For example: 3750s in stack hang themselves in a sustained loop, single 3560s do not.
http://reggle.wordpress.com

footy
Member
Posts:
157
Joined:
Wed May 23, 2012 8:57 am

Re: Nexus Setup

Tue Jul 22, 2014 5:34 pm

Perhaps, but I've had a 3560 take 1-2 mins to register a keypress when the network is storming. This to me is the same thing as being hung :D

ristau5741
Post Whore
Posts:
10618
Joined:
Tue Aug 21, 2007 2:15 pm
Certs:
Instanity

Re: Nexus Setup

Wed Jul 23, 2014 7:07 am

Vito_Corleone wrote: I've seen and deployed various OOB pieces for remote DCs, like console servers (using console ports, not OOB ethernet) for downstream devices (MoR, ToR, etc), but I've yet to see a truly OOB deployment (with external access - otherwise, again, what's the point?) that is completely separate from the prod network.


For the DC backup site we are building out, with on site ISP managed equipment, (router/firewall), we are having them build another context on their managed firewall. This context will connect to our 39xx routers. With async lines for console access to the core and wan devices, if something gets really banged up, (ie BGP) between the ISP and site, we can connect to, and manage, gear via the OOB firewall context. We are still fighting for the modem access, but I don't think that's going to happen for political reasons.
Tips of the day:
- The human mind is the ultimate creation invention.
- I have so many customers, my customers have customers.
- Sausage time
- POP, stack, and store

mlan
Ultimate Member
Posts:
819
Joined:
Thu Nov 17, 2011 6:09 pm

Re: Nexus Setup

Wed Jul 23, 2014 12:29 pm

We were able to negotiate for a third-party DSL circuit that has a VPN device behind it providing remote access to the oob network. It's not that much different from the old modem days, and we are requiring encryption and multi-factor authentication.

ScottF
Member
Posts:
206
Joined:
Wed Nov 14, 2012 9:41 am
Certs:
CCNA

Re: Nexus Setup

Tue Aug 12, 2014 12:16 pm

that1guy15 wrote:
mlan wrote:
ScottF wrote: Is there anything to stop me then setting up a mgmt SVI on our management vlan so we can connect to them?


Nothing but the
feature interface-vlan
command being required.


I was under the impression this would not allow you to have both mgmt0 with an ip and another SVI even if they are in separate VRFs. Am I off on that?

OP: if you have the 5ks to test with first, fire it up and see if it works.


Switches finally arrived (well, test ones arrived, Cisco are still producing the live ones).

mgmt0 has been used for the keep-alive and an SVI set up for management. SVI didn't work at the start, stated line protocol down, admin down, however in brackets it had 'Non-routable VDC mode'.

Did a quick search on Google and came back with this webpage http://www.layerzero.nl/blog/2012/10/ne ... -vdc-mode/

Added the 'management' command to the vlan interface and the SVI came up and was online.

So yes you can have a SVI and mgmt0 configured with addresses :)
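
The setup reported in the post above, sketched as an NX-OS configuration fragment; this is an added example, not part of the original post and not the poster's actual configuration. VLAN 100, the vPC domain number and all addresses are constructed placeholders, and it assumes the "keep-alive" mentioned is the vPC peer-keepalive.

```text
! Constructed example: VLAN ID, domain number and addresses are placeholders.
feature interface-vlan

vlan 100
  name MGMT

! In-band management SVI. Per the post, the SVI stayed down with the reason
! "Non-routable VDC mode" until the "management" command was added.
interface Vlan100
  description In-band management
  management
  ip address 192.0.2.11/24
  no shutdown

! mgmt0 remains in the management VRF and carries only the keepalive
! (assumed here to be the vPC peer-keepalive).
interface mgmt0
  vrf member management
  ip address 198.51.100.1/30

vpc domain 10
  peer-keepalive destination 198.51.100.2 source 198.51.100.1 vrf management

! Check afterwards: "show interface vlan 100" should report the SVI up
! and no longer show "Non-routable VDC mode".
```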

that1guy15
Post Whore
Posts:
3224
Joined:
Thu Apr 29, 2010 6:12 pm
Certs:
CCNP, CCDP, CCIP

Re: Nexus Setup

Wed Aug 13, 2014 10:52 am

Interesting, so you just have to dump the SVI and subnet into the management VDC. Good to know!

Thanks for circling back
http://blog.movingonesandzeros.net/

EOS
Member
Posts:
124
Joined:
Thu Jun 13, 2013 9:20 am
Certs:
Yes..

Re: Nexus Setup

Thu Aug 21, 2014 7:10 am

Awesome thread/discussion!

Thanks everyone for sharing!!
