IP no forward

Posted: 11 Dec 2017 12:38
by StarScream
Hi everyone, I could use a little guidance. I apologize in advance if this is a double post, but my original didn't seem to show up.

I have a 6860 running 8.4.1.233.R02.

I have the following configuration line...

ip interface "Management" address 10.1.99.10 mask 255.255.255.0 vlan 99 no forward ifindex 1

I can still reach all other networks via this address (by setting my Vlan 99 PC's gateway to this address).

So far I have ensured that IP Redistribution of LOCAL into OSPF is disabled.

Does anyone have any thoughts or suggestions on this?

Re: IP no forward

Posted: 11 Dec 2017 15:42
by devnull
Do you really reach foreign networks/hosts (which from my experience should not) or interface addresses local to the switch (which from my experience did work in the past)?

I had some bad experiences with no forward interfaces, as the switch also "knows" the destination network but cannot forward to it -> it will blackhole traffic in that case.

Re: IP no forward

Posted: 12 Dec 2017 13:25
by StarScream
Indeed. I was able to ping and ssh to a router that was not local. A traceroute confirmed that it was taking the path through the VLAN 99 interface.

The problem is that the design I'm implementing was geared towards Ciscos where you can implement management only interfaces. We will not be able to alter the design, and must have IP interfaces that are only reachable from the management VLAN.

Re: IP no forward

Posted: 13 Dec 2017 03:17
by devnull
You can try to use VRFs and see whether this helps.
Otherwise open an SR and let us know about the results.

Re: IP no forward

Posted: 13 Dec 2017 08:15
by StarScream
Ok, thank you! I suppose VRF would be a possible workaround, but I will see what support says. I'd take VRF over a bunch of VACLs any day.

Re: IP no forward

Posted: 15 Dec 2017 15:44
by pstolpe
With a VRF for management you may also disable the IP services not needed in the default VRF. But as always there are pros and cons to every design choice.

Re: IP no forward

Posted: 02 Mar 2018 15:54
by StarScream
I created a management VRF on all devices, so this works. It is only problematic with NTP, as NTP can only be on one VRF. I have two switches that have only IPs in the VRF interface, but if I move NTP to the management VRF, then other hosts in the network cannot receive NTP as they are not part of the management network.

Thanks all for the info!
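The thread's finding is that a "no forward" interface in the default VRF still shares the global routing table, so it remains a transit path, and only a separate VRF isolates management. The following config audit is an added example (not from the thread or from Alcatel-Lucent); it parses AOS-style "ip interface" lines and flags management interfaces that rely on "no forward" alone. The first sample line is the one from the original post; the other lines and the "vrf <name>" prefix form are constructed assumptions.

```python
import re

# Constructed sample config. Line 1 is from the thread; the rest are constructed,
# and the "vrf <name> ip interface ..." prefix form is an assumption about AOS output.
SAMPLE_CONFIG = """\
ip interface "Management" address 10.1.99.10 mask 255.255.255.0 vlan 99 no forward ifindex 1
ip interface "Users" address 10.1.10.1 mask 255.255.255.0 vlan 10 ifindex 2
vrf MgmtVrf ip interface "MgmtOnly" address 10.1.98.10 mask 255.255.255.0 vlan 98 ifindex 3
"""

IP_IF_RE = re.compile(
    r'^(?:vrf\s+(?P<vrf>\S+)\s+)?ip interface "(?P<name>[^"]+)"'
    r'\s+address (?P<addr>\d{1,3}(?:\.\d{1,3}){3})'
    r'\s+mask (?P<mask>\d{1,3}(?:\.\d{1,3}){3})'
    r'\s+vlan (?P<vlan>\d+)(?P<rest>.*)$'
)


def parse_ip_interfaces(text):
    """Return one dict per 'ip interface' line; vrf is None for the default VRF."""
    interfaces = []
    for line in text.splitlines():
        m = IP_IF_RE.match(line.strip())
        if not m:
            continue  # not an IP interface line; ignore
        interfaces.append({
            "name": m.group("name"),
            "addr": m.group("addr"),
            "mask": m.group("mask"),
            "vlan": int(m.group("vlan")),
            "vrf": m.group("vrf"),
            "no_forward": "no forward" in m.group("rest"),
        })
    return interfaces


def audit_management_isolation(interfaces):
    """Flag interfaces that depend on 'no forward' in the default VRF.

    Per the thread, such an interface still routes to every network in the
    global table; only placing it in a dedicated VRF isolates it.
    """
    findings = []
    for itf in interfaces:
        if itf["no_forward"] and itf["vrf"] is None:
            findings.append((itf["name"],
                             "no forward in default VRF: still a transit path, use a VRF"))
    return findings


if __name__ == "__main__":
    for name, msg in audit_management_isolation(parse_ip_interfaces(SAMPLE_CONFIG)):
        print(f"{name}: {msg}")
```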