Page 1 of 1
Remotely administer the 6900-T20 via the EMP
Posted: 26 Jun 2019 23:41
by eugene
Hello gurus,
I'm trying to achieve this setup so that I can remotely access OS6900-T20 switches in a VC. I want to access its administer the switch via its EMP-CHASx or EMP-VC interfaces. I know I can assign an IP address to a VLAN for remote admin but I prefer not to.
Code: Select all
jumphost
(10.10.1.115/24, OS6450 VLAN 11)
|
|
(10.10.1.15/24, OS6450 VLAN 11)
OS6450
(10.0.1.15/24, OS6450 VLAN 10)
|
|
(EMP-CHAS1: 10.0.1.14/16, OS6450 VLAN 10)
(EMP-CHAS2: 10.0.2.14/16, OS6450 VLAN 10)
(EMP-CHAS3: 10.0.3.14/16, OS6450 VLAN 10)
(EMP-VC: 10.0.1.114/16, OS6450 VLAN 10)
OS6900
VLAN 10 is the management network. VLAN 11 is the external network.
I only want to permit the jumphost access to the OS6900 via the OS6450-24 which is acting as the router. The EMP interfaces of the 3x OS6900 switches are connected to VLAN 10 of the OS6450 switch and the VC can ping 10.0.1.15. However, after setting up the interfaces and the necessary static route, the OS6900 cannot ping the jumphost and vice-versa.
These are the commands I used to setup the interfaces:
Code: Select all
ip interface local chassis-id 1 emp address 10.0.1.14/16
ip interface local chassis-id 2 emp address 10.0.2.14/16
ip interface local chassis-id 3 emp address 10.0.3.14/16
ip interface master emp address 10.0.1.114 mask 255.255.0.0
ip static-route 10.10.1.0/24 gateway 10.0.1.15
I also read that a default gateway cannot be configured on the EMP network. Can packets from the EMP interface even be routed to another network?
Code: Select all
-> ip static-route 0.0.0.0/0 gateway 10.0.1.15
ERROR: Default routes with gateway on EMP port not allowed
VLAN 10 also contains servers which can communicate with the jumphost via the OS6450 so the routing is definitely not an issue.
Re: Remotely administer the 6900-T20 via the EMP
Posted: 30 Jun 2019 02:25
by silvio
Default GW is not a good idea to use in EMP network. But you can setup specific routes:
ip static-route 10.10.1.0/24 gateway 10.0.1.15
regards
Silvio
Re: Remotely administer the 6900-T20 via the EMP
Posted: 30 Jun 2019 09:55
by eugene
I added the static-route but it didn't make a difference. Is there any other setting that I should be aware of?
Is it correct to say that "ip interface local chassis-id X" sets the IP on each chassis' EMP interface, while "ip interface master emp" sets an address that exists across all EMP interfaces in the VC?
Thanks!
Re: Remotely administer the 6900-T20 via the EMP
Posted: 03 Jul 2019 13:23
by silvio
Are you able to ping from cli the gateway?
please test/post:
show ip interface
show ip emp-interfaces
show ip routes
show ip emp-routes
show configuration snapshot ip-routing
also you can try to configure the EMP-CMMA-CHAS1..44 via serial at every chassis. For this use an other ip than the already configured EMPCHAS1...4:
-> modify boot parameters
Boot > boot empipaddr 10.0.xx.xx
Boot > boot empmasklength 16
Boot > commit system
Boot > commit boot
Re: Remotely administer the 6900-T20 via the EMP
Posted: 07 Jul 2019 21:19
by eugene
Are you able to ping from cli the gateway?
The gateway can be ping-ed from the cli. The gateway can also ping the OS6900 switch. There are other hosts sitting in the same VLAN as the OS6900 and their packets can be routed via the same gateway without issue. From the looks of it, the OS6900 seems unaware of the gateway despite the route being configured.
Code: Select all
-> ping 10.0.1.15
PING 10.0.1.15 (10.0.1.15) 56(84) bytes of data.
64 bytes from 10.0.1.15: icmp_seq=1 ttl=64 time=0.823 ms
show ip interface
Code: Select all
Name IP Address Subnet Mask Status Forward Device s
--------------------------------+---------------+---------------+------+-------+---------
EMP-CHAS1 10.0.1.14 255.255.0.0 UP NO EMP
EMP-CHAS2 10.0.2.14 255.255.0.0 UP NO EMP
EMP-CHAS3 10.0.3.14 255.255.0.0 UP NO EMP
EMP-CMMA-CHAS1 0.0.0.0 0.0.0.0 DOWN NO EMP
EMP-CMMA-CHAS2 0.0.0.0 0.0.0.0 DOWN NO EMP
EMP-CMMA-CHAS3 0.0.0.0 0.0.0.0 DOWN NO EMP
EMP-VC 10.0.1.114 255.255.0.0 UP NO EMP
Loopback 127.0.0.1 255.255.255.255 UP NO Loopback
show ip emp-interfaces
Code: Select all
Name IP Address Subnet Mask Status Forward Device s
--------------------------------+---------------+---------------+------+-------+---------
EMP-CHAS1 10.0.1.14 255.255.0.0 UP NO EMP
EMP-CMMA-CHAS1 0.0.0.0 0.0.0.0 DOWN NO EMP
EMP-CHAS2 10.0.2.14 255.255.0.0 UP NO EMP
EMP-CMMA-CHAS2 0.0.0.0 0.0.0.0 DOWN NO EMP
EMP-CHAS3 10.0.3.14 255.255.0.0 UP NO EMP
EMP-CMMA-CHAS3 0.0.0.0 0.0.0.0 DOWN NO EMP
EMP-VC 10.0.1.114 255.255.0.0 UP NO EMP
show ip routes
Code: Select all
Dest Address Gateway Addr Age Protocol
------------------+-------------------+----------+-----------
127.0.0.1/32 127.0.0.1 149d17h LOCAL
show ip emp-routes
Code: Select all
Dest Address Subnet Mask Gateway Addr Age Protocol
------------------+-----------------+-----------------+---------+-----------
10.0.0.0 255.255.0.0 10.0.1.114 11d10h LOCAL
10.10.1.0 255.255.255.0 10.0.1.15 10d23h STATIC
show configuration snapshot ip-routing
Code: Select all
! IP Route Manager:
ip static-route 10.10.1.0/24 gateway 10.0.1.15 metric 1
Re: Remotely administer the 6900-T20 via the EMP
Posted: 08 Jul 2019 10:25
by silvio
All seems to bei okay - I can't see any mistake.
It has worked at me successfull with this static AOS-route. So you should open a SR at alcatel.
You can do only the following test:
- If you have a switch for tests .... (or you can separate one from the vc) than: clear all the config, restart, disable all the auto-fabric configs. Make all the necessary emp and routing configs (nothing else) and test again.
- test the same with the nvram emp (see my last post).
best regards
Silvio
Re: Remotely administer the 6900-T20 via the EMP
Posted: 13 Jul 2019 09:52
by eugene
Thank you Silvio for debugging this with me
Re: Remotely administer the 6900-T20 via the EMP
Posted: 14 Jul 2019 05:42
by silvio
Are you now able to use the routing within emp network?
Re: Remotely administer the 6900-T20 via the EMP
Posted: 17 Jul 2019 21:48
by eugene
I've contacted the supplier for tech support but haven't gotten an answer. I'll update once I have an answer.