Using the Management Interface
Overview
OcNOS provides support for different types of Management Interfaces. The management interface can be the standard out of band (OOB) port, or any in-band port.
To provide segregation between management traffic and data traffic, OcNOS provides a Management VRF. The Management VRF is created by default when OcNOS boots. This VRF cannot be deleted. All ports used as Management Interface needs to be in Management VRF. The management VRF is used for all types of Management applications listed below
• Remote access to router (SSH/Telnet)
• File transfer applications (SFTP/SCP)
• Login Authentication via Radius/Tacacs
• Network management protocols (SNMP, Netconf)
Apart from this, DHCP, DNS, NTP, Syslog, sFlow, and license/software upgrade also uses ports mapped to the management VRF for their operations. Also LLDP can run on any ports mapped to the management VRF.
Note: If the management interface flaps, the device becomes unreachable.
Management Port
The Out of Band (OOB) Management Port in OcNOS is identified as “eth0.” This port is automatically mapped to the Management VRF when OcNOS boots, and will remain in same VRF throughout. It cannot be moved out of this VRF.
The IP address of the management port can be configured statically or via DHCP.
Static IP Configuration
A static IP can be configured on the management port during ONIE installation itself, or after installation using the OcNOS CLIs commands. To configure a static IP during ONIE installation, do the following
#onie-stop
#ifconfig eth0 <ip address> netmask <subnet mask> up
Please check the Install Guide for details.
The IP address configured during ONIE installation will be applied to the management port and the same will be retained when OcNOS boot up, and the port becomes part of Management VRF.
#show running-config interface eth0
!
interface eth0
ip vrf forwarding management
ip address 10.12.44.109/24
After getting the OcNOS prompt, this IP address can be changed from the CLI.
#configure terminal | Enter configure mode |
(config)#interface eth0 | Enter interface mode |
(config-if)#ip address 10.12.44.120/24 | Assign an IPv4 address to the interface |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
If a static IP is not configured during ONIE installation the same can be configured via CLI by following the above steps. Using the OcNOS CLI, DHCP can also be enabled on the Management port.
#configure terminal | Enter configure mode |
(config)#interface eth0 | Enter interface mode |
(config-if)#ip address dhcp | Enable DHCP on interface |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Obtaining IP Address via DHCP
During onie installation, the management port attempts to acquire IP address via DHCP automatically unless stopped explicitly using the onie-stop command. So, if management port is getting IP via DHCP, after OcNOS boots, the management port will continue to use DHCP, even when it is part of the Management VRF.
#show running-config interface eth0
!
interface eth0
ip vrf forwarding management
ip address dhcp
After OcNOS boots, the IP address can be changed to any static IP from the command line as shown earlier.
In-Band Ports
Any front-end ports of the device (in-band ports) can be made part of the management VRF. Once they are part of the management VRF they can also support all management applications such as SSH/Telnet and others as listed in
Overview.
Once the ports are part of the management VRF, they should not be used for data traffic and routing or switching purposes. In-band ports can be added or removed from Management VRF as and when required.
#configure terminal | Enter configure mode |
(config)#interface xe1/1 | Enter interface mode |
(config-if)#ip vrf forwarding management | Add in-band port to Management VRF |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
#configure terminal | Enter configure mode |
(config)#interface xe1/1 | Enter interface mode |
(config-if)# no ip vrf forwarding management | Remove in-band port from Management VRF |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Using Ping in Management VRF
To check reachability to any node in the management network, you need to explicitly mention the VRF name as “management.”
In the following example, Node-1 has management interface eth0 and Node-2 has management interfaces eth0 and xe3/1. In order to reach the network 20.20.20.40/24 from Node-1 a static route needs to added.
Ping in Management VRF topology
#configure terminal | Enter configure mode |
(config)# ip route vrf management 20.20.20.0/24 10.12.44.106 eth0 | Add static route in management VRF to reach 20.20.20.0/24 network |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Node-1#show ip route vrf management
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
IP Route Table for VRF "management"
C 10.12.44.0/24 is directly connected, eth0
S 20.20.20.0/24 [1/0] via 10.12.44.106, eth0
Gateway of last resort is not set
Node-1#ping 20.20.20.40 vrf management
PING 20.20.20.40 (20.20.20.40) 56(84) bytes of data.
64 bytes from 20.20.20.40: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 20.20.20.40: icmp_seq=2 ttl=64 time=0.476 ms