Solved

Command “vrf context management” in Nexus 5000

Posted on 2013-11-04
8
4,376 Views
Last Modified: 2013-11-05
Expert

I have the question. What is the function of command  “vrf context management” in Nexus 5000 ? The command can be used for interface management ip address, and it can be used like this”

N5k-1(config)#int mgmt 0
N5k-1(config-if)#ip address 172.116.1.10/24
N5k-1(config-if)#vrf context management
N5k-1(config-vrf)#ip route 0.0.0.0 0.0.0.0 172.116.1.1

I cannot understand why it is added under interface management. What is difference between the vrf in Nexus and vrf in MPLS ?

Thank you
0
Comment
Question by:EESky
  • 4
  • 4
8 Comments
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
What is the function of command  “vrf context management” in Nexus 5000 ?
In your example, it allows you to creates a default-route for the "management" context. Had you not issued the "vrf context management" command first, the default route would exist in the default context.
0
 

Author Comment

by:EESky
Comment Utility
Thank you for your reply!

The command "vrf context management" is creating a vrf. In here, what does "context" mean ? it is a vrf or something else ? it should not be a VDC ? One VDC can have several vrf, right ?
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
Not exactly. In this situation, you are changing to the configuration mode for the management vrf.  You don't create the management vrf since it was pre-existing. In fact, you can't delete the management vrf.

The "context" is simply a required keyword.

And yes, you have... 16,000 (IIRC) vrf's in a VDC.
0
 

Author Comment

by:EESky
Comment Utility
N5k-1(config)#int mgmt 0
N5k-1(config-if)#ip address 172.116.1.10/24
N5k-1(config-if)#vrf context management
N5k-1(config-vrf)#ip route 0.0.0.0 0.0.0.0 172.116.1.1


Can i say that all of the commands are for using management interface ? If so, i would be able to login to the Nexus through the management interface and make any configuration in the whole Nexus, right ?
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
Yes and yes.
0
 

Author Comment

by:EESky
Comment Utility
Thank you !

Had you not issued the "vrf context management" command first, the default route would exist in the default context.

With "the default route would exist in the default context."  does it mean the default context would exist in the default context and could not go out ?


Usually Cisco devices need to be configured with management interface, which are two commands: #int management and #ip address x.x.x.x. What made the difference of management interface configuration between Nexus and others? If we configure management interface in Nexus like general Cisco router and switch, can it work well ? Thank you.
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
Comment Utility
does it mean the default context would exist in the default context and could not go out ?
Huh???

Usually Cisco devices need to be configured with management interface, which are two commands: #int management and #ip address x.x.x.x. What made the difference of management interface configuration between Nexus and others?
Okay, in the past, Cisco switches were managed either through the console port or through an SVI (VLAN interface).  Most people prefer using telnet (or SSH) to the SVI because it's WAY faster than the console port. The problem with the SVI management approach is that management traffic and data traffic are intermixed (and we like to keep that traffic separate).

In an effort to fully segregate management and data traffic, Cisco implemented the "MGMT" Interface.  The way I explain this in class is that it's like a console port except that instead of slow, tired old RS-232, it's gig ethernet.  So you get the best of both worlds: totally segregated and fast.

Now, since the MGMT interface uses IP and we want to insure that the data and management traffic is completely segregated, a second VRF (the management VRF) was created that is only used by the MGMT interface.  Since traffic from one VRF can't use ports or processes from another VRF (without some additional work, that is), the management traffic is kept separate from the data traffic.

How's that?
0
 

Author Comment

by:EESky
Comment Utility
Excellent! You are really an expert. Thank you !
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Use VLAN to separate WiFi from everything else 9 77
Wireless connection 6 45
solarwind tftp server 2 30
RIP Routing 5 45
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now