Management Interfaces

NVIDIA MLNX-GW User Manual for NVIDIA Skyway Appliance v8.2.2200

Management interfaces provide access to the management user interfaces. NVIDIA switches support out-of-band (OOB) dedicated interfaces (e.g. mgmt0, mgmt1) and in-band dedicated interfaces. In addition, most systems feature a serial port that provides access to the CLI only. On systems with two OOB management ports, both may be configured on the same VLAN if needed. In this case, ARP requests for the IP addresses of those management interfaces are answered from either of them.

If the system was set during initialization to obtain dynamic IP addresses through DHCP and you wish to switch to static assignments, perform the following steps:

  1. Enter Config configuration mode. Run:

    switch > enable
    switch # configure terminal

  2. Disable DHCP address assignment on the interface using the following command:

    switch (config) # no interface <ifname> dhcp

  3. Define your interfaces statically using the following command:

    switch (config) # interface <ifname> ip address <IP address> <netmask>

  1. Enable IPv6 on this interface. Run:

    switch (config) # interface mgmt0 ipv6 enable

  2. Set the IPv6 address to be configured automatically. Run:

    switch (config) # interface mgmt0 ipv6 address autoconfig

  3. Verify the IPv6 address is configured correctly. Run:

    switch (config) # show interfaces mgmt0 brief

DHCP is used for automatic retrieval of management IP addresses.

For all other systems (and software versions) DHCP is disabled by default.

Warning

If a user connects through SSH, runs the wizard and turns off DHCP, the connection is immediately terminated as the management interface loses its IP address.

    <localhost># ssh admin@<ip-address>
    NVIDIA Onyx Switch Management
    Password:
    NVIDIA switch
    NVIDIA configuration wizard
    Do you want to use the wizard for initial configuration? yes
    Step 1: Hostname? [my-switch]
    Step 2: Use DHCP on mgmt0 interface? [yes] no
    <localhost>#

In this case the serial connection should be used.

To manually configure the default gateway, use the “ip route” command, with “0.0.0.0” as prefix and mask. The next-hop address must be within the range of one of the IP interfaces on the system.

    switch (config)# ip route 0.0.0.0 0.0.0.0 10.10.0.2
    switch (config)# show ip route
    Destination   Mask            Gateway     Interface   Source   Distance/Metric
    default       0.0.0.0         10.10.0.2   mgmt0       static   0/0
    10.10.0.0     255.255.254.0   0.0.0.0     mgmt0       direct   0/0
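The next-hop rule above can be checked offline against saved "show ip route" output. The following Python script is an added example, not NVIDIA code; the function names are hypothetical and it assumes the six-column layout of the sample on this page.

```python
import ipaddress

# Route table copied from this page's "show ip route" sample, one route per line.
PAGE_SAMPLE = """\
Destination   Mask            Gateway     Interface   Source   Distance/Metric
default       0.0.0.0         10.10.0.2   mgmt0       static   0/0
10.10.0.0     255.255.254.0   0.0.0.0     mgmt0       direct   0/0
"""

def parse_routes(text):
    """Turn each six-column row into a dict; skip the header and other lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] == "Destination":
            continue
        dest, mask, gateway, ifname, source, _metric = fields
        cidr = "0.0.0.0/0" if dest == "default" else f"{dest}/{mask}"
        routes.append({
            "network": ipaddress.ip_network(cidr, strict=False),
            "gateway": ipaddress.ip_address(gateway),
            "interface": ifname,
            "source": source,
        })
    return routes

def default_gateway_problems(text):
    """Return a list of findings; an empty list means the next-hop rule holds."""
    routes = parse_routes(text)
    direct = [r for r in routes if r["source"] == "direct"]
    defaults = [r for r in routes if r["network"].prefixlen == 0]
    if not defaults:
        return ["no default route present"]
    problems = []
    for d in defaults:
        # Connected subnets that contain the default route's next hop.
        covering = [r for r in direct if d["gateway"] in r["network"]]
        if not covering:
            problems.append(f"next hop {d['gateway']} is outside every connected subnet")
        elif d["interface"] not in {r["interface"] for r in covering}:
            problems.append(f"next hop {d['gateway']} uses {d['interface']}, "
                            "but its subnet is on another interface")
    return problems

if __name__ == "__main__":
    print(default_gateway_problems(PAGE_SAMPLE) or "default gateway OK")
```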

In-band management is a management path passing through the data ports. In-band management can be created over one of the VLANs in the system.

The in-band management feature does not require any license. However, it works only for the system profile Ethernet. It can be enabled with IP Routing.

To set an in-band management channel:

  1. Create a VLAN. Run:

    switch (config)# vlan 10
    switch (config vlan 10)#

  2. Create a VLAN interface. Run:

    switch (config)# interface vlan 10
    switch (config interface vlan 10)#

  3. Configure L3 attributes on the newly created VLAN interface. Run:

    switch (config interface vlan 10)# ip address 10.10.10.10 /24

  4. (Optional) Verify in-band management configuration. Run:

    switch (config)# show interfaces vlan 10
    Admin state: Enabled
    Operational state: Up
    Mac Address: f4:52:14:67:07:e8
    Internet Address: 10.10.10.10/24
    Broadcast address: 10.10.10.255
    MTU: 1500 bytes
    Arp timeout: 1500 seconds
    Icmp redirect: Disabled
    Description: N/A
    VRF: default
    Counters: Enabled
    RX
      0 Unicast packets
      0 Multicast packets
      0 Unicast bytes
      0 Multicast bytes
      0 Bad packets
      0 Bad bytes
    TX
      0 Unicast packets
      0 Multicast packets
      0 Unicast bytes
      0 Multicast bytes

This feature, also known as DHCP Client Option 12, is enabled by default and assigns the switch system a hostname via DHCP, as long as the network manager maps a hostname to the MAC address of the management interfaces (i.e. mgmt0, mgmt1). If a network manager configures the hostname manually through any of the user interfaces, the hostname is not retrieved from the DHCP server.

To enable fetching the hostname from the DHCP server, run:

switch (config interface mgmt0) # dhcp hostname

To disable fetching the hostname from the DHCP server, run:

switch (config interface mgmt0) # no dhcp hostname

Warning

Getting the hostname through DHCP is enabled by default and will change the switch hostname if the hostname is not set by the user. Therefore, if a switch is part of an HA cluster, the user needs to make sure the HA master has the same HA node names as the DHCP server.

Management VRF is a virtual routing function that is responsible for providing IP services for switch management. It is the only VRF to which the out-of-band management interface mgmt0 belongs.

Initially, a system has only one VRF: the default VRF. This VRF supports both management and data forwarding functions. A management VRF can then be created (mgmt and user VRFs; the mgmt VRF is not created automatically with an image upgrade). The mgmt VRF is also created on reset factory flows.

When the mgmt VRF is created, all mgmt interfaces are automatically moved to it. New management functions can be shut down in the default VRF and created in the management VRF. Also, management services can be started in 'user' VRFs, with the only difference that the 'user' VRF does not have mgmt interfaces.

The following services are considered management services:

| Service | Run by VRF Once mgmt VRF is Created |
|---|---|
| ssh | Single instance in all VRFs |
| snmp-agent | Single instance in any VRF |
| snmptrap | Can be configured in multiple VRFs at the same time |
| syslogd | Can be configured in multiple VRFs at the same time |
| web server | Single instance in any VRF |
| ntp | Single instance in any VRF |
| dns | Single instance in any VRF |
| tacacs | |
| radius | Single instance in any VRF |
| OpenFlow API | Mgmt/default if mgmt is not created |
| sFlow | Single instance in any VRF |
| ftp-server | Mgmt/default if mgmt is not created |
| telnet-server | Mgmt/default if mgmt is not created |
| docker | Single instance in any VRF |
| ip filters | Single instance in all VRFs |
| ZTP | Mgmt only |
| IPL | Default VRF only |

A user VRF has routing functions, and its primary purpose is to route user traffic.

The default VRF is used to run some non-management system functions and can also serve as a global routing instance for multi-VRF traffic.

When a service is moved from VRF to VRF, its configuration is removed.

© Copyright 2023, NVIDIA. Last updated on Nov 15, 2023.