OcNOS DC : System Management Guide : User Management Configuration : Using the Management Interface
Using the Management Interface
Overview
OcNOS provides support for different types of Management Interfaces. The management interface can be the standard out of band (OOB) port, or any in-band port.
To provide segregation between management traffic and data traffic, OcNOS provides a Management VRF. The Management VRF is created by default when OcNOS boots. This VRF cannot be deleted. All ports used as Management Interface needs to be in Management VRF. The management VRF is used for all types of Management applications listed below
Remote access to router (SSH/Telnet)
File transfer applications (SFTP/SCP)
Login Authentication via Radius/Tacacs
Network management protocols (SNMP, Netconf)
Note: Apart from this, DHCP, DNS, NTP, Syslog, sFlow, and License/Software upgrade also uses ports mapped to management VRF for their operations. If the management interface flaps, the device becomes unreachable.
Management Port
The Out of Band (OOB) Management Port in OcNOS is identified as “eth0.” This port is automatically mapped to the Management VRF when OcNOS boots, and will remain in same VRF throughout. It cannot be moved out of this VRF.
The IP address of the management port can be configured statically or via DHCP.
Static IP Configuration
A static IP can be configured on the management port during ONIE installation itself, or after installation using the OcNOS CLIs commands. To configure a static IP during ONIE installation, do the following
#onie-stop
#ifconfig eth0 <ip address> netmask <subnet mask> up
Please check the Install Guide for details.
The IP address configured during ONIE installation will be applied to the management port and the same will be retained when OcNOS boot up, and the port becomes part of Management VRF.
#show running-config interface eth0
!
interface eth0
ip vrf forwarding management
ip address 10.12.44.109/24
After getting the OcNOS prompt, this IP address can be changed from the CLI.
 
#configure terminal
Enter configure mode
(config)#interface eth0
Enter interface mode
(config-if)#ip address 10.12.44.120/24
Assign an IPv4 address to the interface
(config-if)#exit
Exit interface mode
(config)#exit
Exit configuration mode
If a static IP is not configured during ONIE installation the same can be configured via CLI by following the above steps. Using the OcNOS CLI, DHCP can also be enabled on the Management port.
 
#configure terminal
Enter configure mode
(config)#interface eth0
Enter interface mode
(config-if)#ip address dhcp
Enable DHCP on interface
(config-if)#exit
Exit interface mode
(config)#exit
Exit configuration mode
Obtaining IP Address via DHCP
During onie installation, the management port attempts to acquire IP address via DHCP automatically unless stopped explicitly using “onie-stop”. So, if management port is getting IP via DHCP, after OcNOS boots, the management port will continue to use DHCP, even when it is part of the Management VRF.
#show running-config interface eth0
!
interface eth0
ip vrf forwarding management
ip address dhcp
After OcNOS boots, the IP address can be changed to any static IP from the command line as shown earlier.
In-Band Ports
Any front-end ports of the device (in-band ports) can be made part of the management VRF. Once they are part of the management VRF they can also support all management applications such as SSH/Telnet and others as listed in Overview.
Once the ports are part of the management VRF, they should not be used for data traffic and routing or switching purposes. In-band ports can be added or removed from Management VRF as and when required.
 
#configure terminal
Enter configure mode
(config)#interface xe1/1
Enter interface mode
(config-if)#ip vrf forwarding management
Add in-band port to Management VRF
(config-if)#exit
Exit interface mode
(config)#exit
Exit configuration mode
 
#configure terminal
Enter configure mode
(config)#interface xe1/1
Enter interface mode
(config-if)# no ip vrf forwarding management
Remove in-band port from Management VRF
(config-if)#exit
Exit interface mode
(config)#exit
Exit configuration mode
Using Ping in Management VRF
To check reachability to any node in the management network, you need to explicitly mention the VRF name as “management.”
In the following example, Node-1 has management interface eth0 and Node-2 has management interfaces eth0 and xe3/1. In order to reach the network 20.20.20.40/24 from Node-1 a static route needs to added.
#configure terminal
Enter configure mode
(config)# ip route vrf management 20.20.20.0/24 10.12.44.106 eth0
 
 
Add static route in management VRF to reach 20.20.20.0/24 network
 
 
 
(config)#exit
Exit configuration mode
Node-1#show ip route vrf management
Codes: K - kernel, C - connected, S - static, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "management"
C 10.12.44.0/24 is directly connected, eth0
S 20.20.20.0/24 [1/0] via 10.12.44.106, eth0
 
Gateway of last resort is not set
 
Node-1#ping 20.20.20.40 vrf management
PING 20.20.20.40 (20.20.20.40) 56(84) bytes of data.
64 bytes from 20.20.20.40: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 20.20.20.40: icmp_seq=2 ttl=64 time=0.476 ms