Management Interfaces
Management interfaces provide access to the management user interfaces. NVIDIA switches support out-of-band (OOB) dedicated interfaces (e.g. mgmt0, mgmt1) and in-band dedicated interfaces. In addition, most systems feature a serial port that provides access to the CLI only.
On systems with two OOB management ports, both of them may be configured on the same VLAN if needed. In this case, ARP requests for the IP of those management interfaces are answered from either of them.
If the system was set during initialization to obtain dynamic IP addresses through DHCP and you wish to switch to static assignments, perform the following steps:
Enter Config configuration mode. Run:
switch > enable
switch # configure terminal
Disable setting IP addresses through DHCP using the following command:
switch (config) # no interface <ifname> dhcp
Define your interfaces statically using the following command:
switch (config) # interface <ifname> ip address <IP address> <netmask>
Enable IPv6 on this interface. Run:
switch (config) # interface mgmt0 ipv6 enable
Set the IPv6 address to be configured automatically. Run:
switch (config) # interface mgmt0 ipv6 address autoconfig
Verify the IPv6 address is configured correctly. Run:
switch (config) # show interfaces mgmt0 brief
DHCP is used for automatic retrieval of management IP addresses.
For all other systems (and software versions) DHCP is disabled by default.
If a user connects through SSH, runs the wizard and turns off DHCP, the connection is immediately terminated as the management interface loses its IP address.
<localhost># ssh admin@<ip-address>
NVIDIA Onyx Switch Management
Password:
NVIDIA switch
NVIDIA configuration wizard
Do you want to use the wizard for initial configuration? yes
Step 1: Hostname? [my-switch]
Step 2: Use DHCP on mgmt0 interface? [yes] no
<localhost>#
In this case the serial connection should be used.
To manually configure the default gateway, use the “ip route” command with “0.0.0.0” as both prefix and mask. The next-hop address must be within the range of one of the IP interfaces on the system.
switch (config)# ip route 0.0.0.0 0.0.0.0 10.10.0.2
switch (config)# show ip route
Destination  Mask           Gateway    Interface  Source  Distance/Metric
default      0.0.0.0        10.10.0.2  mgmt0      static  0/0
10.10.0.0    255.255.254.0  0.0.0.0    mgmt0      direct  0/0
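The next-hop rule above can be checked offline against captured "show ip route" output. The following Python is an added example, not part of the NVIDIA documentation; the function names and the sample text are constructed for illustration, and the six-column layout is assumed from the output shown above.

```python
import ipaddress

# Constructed sample, laid out like the "show ip route" output above.
SAMPLE_SHOW_IP_ROUTE = """\
Destination  Mask           Gateway    Interface  Source  Distance/Metric
default      0.0.0.0        10.10.0.2  mgmt0      static  0/0
10.10.0.0    255.255.254.0  0.0.0.0    mgmt0      direct  0/0
"""

def parse_routes(text):
    """Return one dict per route row; the header and malformed rows are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] == "Destination":
            continue
        dest, mask, gateway, ifname, source, _metric = fields
        try:
            # "default" stands for the all-zero prefix and mask.
            network = ipaddress.ip_network(
                "0.0.0.0/0" if dest == "default" else f"{dest}/{mask}")
            next_hop = ipaddress.ip_address(gateway)
        except ValueError:
            continue
        routes.append({"network": network, "gateway": next_hop,
                       "ifname": ifname, "source": source})
    return routes

def check_static_next_hops(text):
    """Check every static route's next hop against the direct (connected) subnets."""
    routes = parse_routes(text)
    direct = [r for r in routes if r["source"] == "direct"]
    findings = []
    for r in routes:
        if r["source"] != "static":
            continue
        match = next((d for d in direct if r["gateway"] in d["network"]), None)
        findings.append({
            "route": str(r["network"]),
            "next_hop": str(r["gateway"]),
            "in_direct_subnet": match is not None,
            "same_interface": match is not None and match["ifname"] == r["ifname"],
        })
    return findings

if __name__ == "__main__":
    print(check_static_next_hops(SAMPLE_SHOW_IP_ROUTE))
```

A static route whose next hop lies outside every direct subnet is reported with in_direct_subnet set to False, which is the condition the rule above forbids.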
In-band management is a management path passing through the data ports. In-band management can be created over one of the VLANs in the system.
The in-band management feature does not require any license. However, it works only for the system profile Ethernet. It can be enabled with IP Routing.
To set an in-band management channel:
Create a VLAN. Run:
switch (config)# vlan 10
switch (config vlan 10)#
Create a VLAN interface. Run:
switch (config)# interface vlan 10
switch (config interface vlan 10)#
Configure L3 attributes on the newly created VLAN interface. Run:
switch (config interface vlan 10)# ip address 10.10.10.10 /24
(Optional) Verify in-band management configuration. Run:
switch (config)# show interfaces vlan 10
Admin state: Enabled
Operational state: Up
Mac Address: f4:52:14:67:07:e8
Internet Address: 10.10.10.10/24
Broadcast address: 10.10.10.255
MTU: 1500 bytes
Arp timeout: 1500 seconds
Icmp redirect: Disabled
Description: N/A
VRF: default
Counters: Enabled
RX
0 Unicast packets
0 Multicast packets
0 Unicast bytes
0 Multicast bytes
0 Bad packets
0 Bad bytes
TX
0 Unicast packets
0 Multicast packets
0 Unicast bytes
0 Multicast bytes
This feature, also known as DHCP Client Option 12, is enabled by default and assigns the switch system a hostname via DHCP, as long as the network manager configures a hostname for the management interfaces’ (i.e. mgmt0, mgmt1) MAC address. If a network manager configures the hostname manually through any of the user interfaces, the hostname is not retrieved from the DHCP server.
To enable fetching hostname from DHCP server, run:
switch (config interface mgmt0) # dhcp hostname
To disable fetching hostname from DHCP server, run:
switch (config interface mgmt0) # no dhcp hostname
Getting the hostname through DHCP is enabled by default and will change the switch hostname if the hostname is not set by the user. Therefore, if a switch is part of an HA cluster the user would need to make sure the HA master has the same HA node names as the DHCP server.
Management VRF is a virtual routing function that is responsible for providing IP services for switch management. It is the only VRF to which the out-of-band management interface mgmt0 belongs.
Initially, a system has only one VRF: the default VRF. This VRF supports both management and data forwarding functions. A management VRF, mgmt, and user VRFs can then be created (the mgmt VRF is not created automatically on image upgrade). The mgmt VRF is also created on reset factory flows.
When the mgmt VRF is created, all mgmt interfaces are automatically moved to it. New management functions can be shut down in the default VRF and created in the management VRF. Also, management services can be started in 'user' VRFs, with the only difference that the 'user' VRF does not have mgmt interfaces.
The following services are considered management services:
Service | Run by VRF Once mgmt VRF is Created
ssh | Single instance in all VRFs
snmp-agent | Single instance in any VRF
snmptrap | Can be configured in multiple VRFs at the same time
syslogd | Can be configured in multiple VRFs at the same time
web server | Single instance in any VRF
ntp | Single instance in any VRF
dns | Single instance in any VRF
tacacs radius | Single instance in any VRF
OpenFlow API | Mgmt/default if mgmt is not created
sFlow | Single instance in any VRF
ftp-server | Mgmt/default if mgmt is not created
telnet-server | Mgmt/default if mgmt is not created
docker | Single instance in any VRF
ip filters | Single instance in all VRFs
ZTP | Mgmt only
IPL | Default VRF only
User VRF will have routing functions and its primary purpose is to perform routing of user traffic.
Default VRF is used to run some non-management system functions and can also be used to serve as a global routing instance for multi-VRF traffic.
When a service is moved from VRF to VRF, its configuration is removed.