Hi everyone, I could use a little guidance. I apologize in advance if this is a double post, but my original didn't seem to show up.
I have a 6860 running 8.4.1.233.R02.
I have the following configuration line...
ip interface "Management" address 10.1.99.10 mask 255.255.255.0 vlan 99 no forward ifindex 1
I can still reach all other networks via this address (by setting my Vlan 99 PC's gateway to this address).
So far I have ensured that IP Redistribution of LOCAL into OSPF is disabled.
Does anyone have any thoughts or suggestions on this?
IP no forward
Re: IP no forward
Do you really reach foreign networks/hosts (which from my experience should not) or interface addresses local to the switch (which from my experience did work in the past)?
I have had some bad experiences with no forward interfaces, as the switch also "knows" the destination network but could not forward to it -> it will blackhole traffic in that case.
-
- Member
- Posts: 9
- Joined: 07 Dec 2017 16:33
Re: IP no forward
Indeed. I was able to ping and ssh to a router that was not local. A traceroute confirmed that it was taking the path through the VLAN 99 interface.
The problem is that the design I'm implementing was geared towards Ciscos where you can implement management only interfaces. We will not be able to alter the design, and must have IP interfaces that are only reachable from the management VLAN.
Re: IP no forward
You can try to use VRFs and see whether this helps.
Otherwise open an SR and let us know about the results.
Re: IP no forward
Ok, thank you! I suppose VRF would be a possible workaround, but I will see what support says. I'd take VRF over a bunch of VACLs any day.
Re: IP no forward
With a VRF for management you may also disable the ip services not needed in the default VRF. But as always there's pros and cons to every design choice.
Re: IP no forward
I created a management VRF on all devices so this works. It is only problematic with NTP, as NTP can only be on one VRF. I have two switches that have only IPs in the VRF interface, but if I move NTP to the management VRF, then other hosts in the network cannot receive NTP as they are not part of the management network.
Thanks all for the info!