[f-nsp] MLXe interface management - one mac address per chassis ?!?

Youssef Bengelloun-Zahr youssef at 720.fr
Wed Jan 30 07:38:38 EST 2013 

Hello,

Well, VE for that particular VLAN is configured on each MLXe to provide
local GW before being routed through MPLS to remote POPs.

I just tested it, it works just fine. Why didn't I think before ?

I was so focused on the dedicated management interface, I completly forgot
about this one.

Thank Rolf.

Best.



2013/1/30 "Rolf Hanßen" <nsp at rhanssen.de>

> Hello,
>
> do you have vlan 100 configured on the MLX ?
> If yes, use the ve instead the management-port or make sure no
> mac-addresses are learned within the vlan (enable transparent-hw-flooding
> or use MPLS) and MLX geneartes no packets in that vlan.
> If not, I do not see the problem, your FCS should be able to learn the MAC
> on different ports in different vlans.
> But this will become a problem if you use a switch that has a global MAC
> table and not one each vlan in such configuration.
>
> btw, the management-port afaik does not switch (or route to another
> interface) packets (at least it did not some years ago with the old MLX).
>
> kind regards
> Rolf
>
> > Hello,
> >
> >
> >
> > I have stumbled upon a limitation that I can't seem to find any
> workaround
> > for. I have the following setup per-pop :
> >
> > MLXe ========== FCS stack (2 members) =========== Management interfaces
> of
> > devices (switchs, PDUs, firewalls, etc.)
> >
> > I created a managment VRF that spans multiple POPs, each has it's IP
> > private space.
> >
> > A Vlan (on the MLXe) is binded to a VRF, the VLAN is trunked down to a
> > stack of switchs (using a LAG) in order to aggregate cabling.
> >
> >
> >
> > Problem I have is the following :
> >
> > I can't use the dedicated managment interface on the MLX MR2 modules
> > because the chassis only has one mac-address.
> >
> > So, when I plug in the cable to the aggregation switchs, mac-address is
> > not
> > learned from that port but rather from the LAG. Otherwise, I would create
> > a
> > nice L2 loop ;-)
> >
> >
> >
> > This on the MLX :
> >
> > Ethernetmgmt1 is down, line protocol is down
> >
> >   STP Root Guard is disabled, STP BPDU Guard is disabled
> >
> >   Hardware is Ethernet, address is *0024.38a5.7b00 (bia 0024.38a5.7b00)*
> >
> >
> >
> > This is on the FCS stack switchs :
> >
> > telnet at ag01-par01#sh mac-address
> >
> > Total active entries from all ports = 35
> >
> > MAC-Address     Port           Type          Index  VLAN
> >
> > ....
> >
> > *0024.38a4.fb00  1/1/1*2/1/1    Dynamic       28312  100*
> >
> >
> >
> > N.B : e1/1/1 and 2/1/1 are the ports used to create uplink LAG to the MLX
> > router / VLAN100 is the managment VLAN bounded to the management VRF.
> >
> >
> >
> > For operational needs, I would really like to use the dedicated
> management
> > interface on the MLX routers (authentication, supervision/monitoring,
> > etc.).
> >
> > Sadly, there is nothing you can do on that interface except change the IP
> > address :-/
> >
> > Has anyone faced this before ? Any workaround you can think of ?
> >
> > Best.
> >
> > Y.
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
>


-- 
Youssef BENGELLOUN-ZAHR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20130130/e368e624/attachment.html>

More information about the foundry-nsp mailing list