Mailing List Archive

We just changed this behavior on ICX in the latest code release. Originally the management-vrf only supported VEs, but now you should be able to place both the management interface and a VE under the management-vrf.

Wilbur

On 1/27/17, 5:51 AM, "foundry-nsp on behalf of Franz Georg Köhler" <foundry-nsp-bounces@puck.nether.net on behalf of lists@openunix.de> wrote:

Hello,

I wonder how management VRF and management port work together on ICX?

On Netiron, you can configure management vrf and place the management
port in the management vrf.
On ICX, you cannot set a VRF for the management port (vrf command not
available of the management port).
The manual says:

"When a management VRF is configured, the management traffic is allowed
through the ports belonging to the specified VRF and the out-of-band
management port. The management traffic through the ports belonging to
the other VRFs and the default VRF are dropped, and the rejection
statistics are incremented."

The problem is, if the vrf does not contain any ports, it is down (the
management port doesn't count because it cannot be added with vrf command).
I have created a loopback device bound to the management vrf to keep it up.
However, the management port does not seem to be part of the VRF.
Secondly, the system will only send out management packets on loopback1,
not on the management port.

How do you address those problems?




Best regards,

Franz Georg Köhler


_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
https://urldefense.proofpoint.com/v2/url?u=http-3A__puck.nether.net_mailman_listinfo_foundry-2Dnsp&d=DwIGaQ&c=IL_XqQWOjubgfqINi2jTzg&r=l86Fj-WC0GHHSCjQjuUvTzxOj0iW25AHL3VIC5Dog8o&m=VAq0fjt2vXRpogFJt0JO8ApwTY30lgD4EcNAgS_Bn_w&s=ctc57rYUuWGVhEQO4P_55CUjL8avHNAHbx9LSpLXC-c&e=

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp