July 29, 2015

Cisco FastEthernet1 VRF-aware configuration

Fa1 Interface and mgmtVrf


Caution: The Ethernet management port is intended for out-of-band access only. Like the console port, the Ethernet management port has direct access to critical resources on the switch. Connecting this port to an in-band network might cause performance degradation and vulnerability to a denial of service attack.

All features that use fa1 now need to be VRF-aware.

Note: You cannot configure any other interface in the same routing domain and you cannot configure a different routing domain for the Fa1 interface.

On bootup the fa1 port assumes the following default configuration:
ip unicast-routing
ip vrf mgmtVrf
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 speed auto
 duplex auto

Switch# show ip vrf
  Name                             Default RD          Interfaces
  mgmtVrf                                                   Fa1

Because the management port is placed in mgmtVrf, you should be aware of the VRF-aware commands required for the following tasks:
Ping
Telnet
TFTP
FTP
SSH

Note: Only the command usage specific to mgmtVrf is shown below. Any additional configuration that a feature needs in order to work must still be configured.

Ping

If you want to ping an IP address that is reachable through an fa1 port, enter the following command:
Switch# ping vrf mgmtVrf ip-address
  
For example,
Switch# ping vrf mgmtVrf 20.20.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

TraceRoute

Switch# traceroute vrf mgmtVrf ip-address
For example,
Switch# traceroute vrf mgmtVrf 20.20.20.1
Type escape sequence to abort.
Tracing the route to 20.20.20.1
 1 20.20.20.1 0 msec 0 msec *

Telnet

If you want to Telnet to a remote switch through the Fa1 port, enter the following command:
Switch# telnet word /vrf mgmtVrf
where word is the IP address or hostname of a remote system.
For example,
Switch# telnet 20.20.20.1 /vrf mgmtVrf
Trying 20.20.20.1 ... Open
User Access Verification
Password: 
switch> en
Password: 
switch#

TFTP

If you want to use Fa1 port for TFTP operation, configure the Fa1 port as the source interface for TFTP as follows:
Switch(config)# ip tftp source-interface fastEthernet1

FTP

If you want to use an Fa1 port for an FTP operation, configure the Fa1 port as the source interface for FTP as follows:
Switch(config)# ip ftp source-interface fastEthernet1

SSH

If you want to initiate SSH from your switch through the Fa1 port, enter the following command:
Switch# ssh -l <login name> -vrf mgmtVrf <ip address>
For example,
Switch# ssh -l xyz -vrf mgmtVrf 20.20.20.1
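
Auditing a saved configuration

The settings above can be checked offline against a saved running-config. The script below is an added example, not part of the original post or of Cisco's documentation: it reports whether Fa1 is in mgmtVrf, whether any other interface has been placed in that VRF, and whether TFTP and FTP are sourced from Fa1. The function names and the sample configuration are constructed for illustration, and it assumes both TFTP and FTP are meant to run over the management port.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
ip vrf mgmtVrf
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 ip address 20.20.20.2 255.255.255.0
!
interface GigabitEthernet1/1
 ip address 10.0.0.1 255.255.255.0
!
ip tftp source-interface FastEthernet1
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a non-indented line ends the interface block
    return interfaces

def audit_mgmt_vrf(config, port="FastEthernet1", vrf="mgmtVrf"):
    """Return a list of findings about management-port isolation."""
    findings, vrf_of = [], {}
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            m = re.match(r"ip vrf forwarding (\S+)", cmd)
            if m:
                vrf_of[name] = m.group(1)
    if vrf_of.get(port) != vrf:
        findings.append(f"{port} is not in {vrf}")
    for name, v in vrf_of.items():
        if name != port and v == vrf:
            findings.append(f"{name} shares {vrf} with {port}")
    for proto in ("tftp", "ftp"):
        pat = rf"^ip {proto} source-interface {re.escape(port)}\s*$"
        if not re.search(pat, config, re.M | re.I):
            findings.append(f"ip {proto} source-interface is not {port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mgmt_vrf(SAMPLE_CONFIG)) or "no findings")
```

An empty result means file transfers are pinned to the out-of-band port and no in-band interface has been placed in the management routing domain.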
