[c-nsp] best way to network servers with management (iLO/IPMI)

Seth Mattinen sethm at rollernet.us
Thu Apr 9 12:20:34 EDT 2009


Roland Dobbins wrote:
> 
> On Apr 9, 2009, at 8:42 PM, Drew Weaver wrote:
> 
>> Ideally, I would like to be able to assign the management device a RFC
>> 1918 IP, have the actual server be on a different subnet altogether
>> but use a shared port.
> 
> This isn't a good idea because of fate-sharing - you want your OOB
> management network to be isolated and bulletproof, and totally
> unaffected by any problems on the production side.  You should use
> separate NICs, with separate cables, plugged into a separate physical
> network (unless you're using N7K switches with VDCs, in which case you
> can safely run the management network on a separate VDC on the same
> hardware, given the control- and management-plane isolation).
> 

Sometimes you just don't have a choice. I have two older Dell servers
that only give you the option of a shared ethernet port for their
onboard IPMI, take it or leave it. So I just put the port on a trunk:

interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport trunk allowed vlan 1,2,4,1002-1005
 switchport mode trunk
 spanning-tree portfast

Where VLAN2 is the management network and VLAN4 is the server network.
You could put the smallest switch you can find that understands VLANs in
front of each server and break the two VLANs out to individual untagged
ports, but you'll still need the trunk to get to the server.

~Seth
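
An added example, not part of the original post: a Python check that reads saved IOS interface stanzas and reports, for each trunk carrying the management VLAN, which VLAN is untagged and which allowed VLANs go beyond the two the post names. The function names and the embedded sample (the stanza above, re-used as constructed input) are assumptions of this example.

```python
import re

# Constructed sample: the trunk stanza from the post, as saved config text.
SAMPLE_CONFIG = """\
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport trunk allowed vlan 1,2,4,1002-1005
 switchport mode trunk
 spanning-tree portfast
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,2,4,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_shared_ports(config, mgmt_vlan, server_vlan):
    """Return one finding per trunk port that carries the management VLAN."""
    findings = []
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in stanza.splitlines() if l.strip()]
        if not lines or not lines[0].startswith("interface "):
            continue
        if "switchport mode trunk" not in lines:
            continue
        # IOS defaults when the stanza does not set them explicitly.
        native, allowed = 1, set(range(1, 4095))
        for line in lines:
            if m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                native = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line):
                allowed = expand_vlans(m.group(1))
        if mgmt_vlan not in allowed:
            continue
        findings.append({
            "interface": lines[0].split(None, 1)[1],
            "untagged": native,                    # VLAN sent without a tag
            "mgmt_tagged": mgmt_vlan != native,    # IPMI must tag its frames
            "extra_vlans": sorted(allowed - {mgmt_vlan, server_vlan}),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_shared_ports(SAMPLE_CONFIG, mgmt_vlan=2, server_vlan=4):
        print(finding)
```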

