In this section:


This object allows you to configure a group of management IP interfaces for the default address context.

Key Management Interface functionality:

  • One non-VLAN and up to 15 VLAN management interfaces can be configured on each physical management port for a total of 16.
  • Users can choose aribitrary VLAN tag values from 2-4094.
  • Users can use non-VLAN management interfaces when VLAN management interfaces are configured.
  • The VLAN interfaces on management ports follow the same redundancy model as the existing untagged management port interfaces.

  • The management interface can have one IPv4 address and/or one IPv6 address. 

  • Unlike a packet port, the management port supports both non-VLAN and VLAN interfaces on the same management port.

  • Each management port should be configured with the same set of VLANs in order to provide port redundancy. 
  • Management interfaces in the same VLAN should be in the same subnet.
Note
A management IP interface must contain at least one IP address to be considered valid.

Command Syntax

% set system mgmtIpInterfaceGroup <mgmtIpIntfceGrp_name> mgmtIpInterface <IP_Intfce_name>
	ceName <ceName>
	ipAddressV4 <IPv4_address>
	ipAddressV6 <IPv6_address>
	portName <mgt0 | mgt1 | mgt2 | mgt3>
	prefixV4 <prefix>
	prefixV6 <prefix>
	state <disabled | enabled>
	vlanTag <2-4094>
For management interface groups (and interfaces), the default address context is implied, and therefore the address context is not specified.
Note

If the management IP is changed and the box is not accessible, use the following workaround steps to restore the old IP used during SSH:

  1. Log on to the BMC.
  2. Navigate to the CLI mode.
  3. Change the IP to the old management IP used during SSH.

The management IP used during SSH is restored.

% show system mgmtIpInterfaceGroup <mgmtIpIntfceGrp_name> mgmtIpInterface <IP_Intfce_name>
 
% delete system mgmtIpInterfaceGroup <mgmtIpIntfceGrp_name> 
	mgmtIpInterface <mgmt_interface_#> 
	ipAddressV4 
	ipAddressV6 
	prefixV4 
	prefixV6
	vlanTag

The above delete command allows the deletion of an IPv4 address and prefix on the management interface only if:

  • the state is set to 'disabled', and
  • an IPv6 address exists.

Command Parameters

The following table represents Management IP Interface Group parameters:

Parameter

Length/Range

Description

mgmtIpInterfaceGroup

1-23

IP Interface Group name.

mgmtIpInterface

1-23

Management IP interface name.

ceName

1-255

Name of the computing element that hosts the port used by management IP interface. 

ceName identifies each node (active or standby). System name identifies the HA pair. SBC is deployed in 1:1 redundancy (active or standby).

ipAddressV4

0-32

IPv4 address of the interface.
Length is in the range of 0 to 32. The 32-bit IP address in dotted decimal form (for example 128.127.50.224).

ipAddressV6

0-128

IPv6 address of the interface.
Length is in the range of 0 to 128. The eight 16-bit IP address in hexadecimal values separated by colons (for example 1280:1276:3350:2224:2222:3333:8888:1245). 

Duplicate Address Detection procedures are performed on interfaces configured with IPv6 addresses. If a duplicate address is found in the network, a warning message is output to Linux logs at /var/log/syslog and /var/log/messages. Example message:


"Nov 12 08:52:35 SBC-1 kernel: [854194.740638] mgt1: IPv6 duplicate address fc00::100:0:0:100:1 detected"

portName

N/A

Port used by management IP interface (either two or four mgmt ports are available depending upon if SBC is configured for HA).

  • mgt0
  • mgt1
  • mgt2
  • mgt3

prefixV4

0-32

IPv4 subnet prefix of management interface.

prefixV6

0-128

IPv6 subnet prefix of management interface.

state

N/A

Administrative state of the management network interface.

  • disabled – (default) The management IP interface is inactive and does not respond to a ping.
  • enabled – The management IP interface is active and responds to a ping (Ethernet cable must be connected).
vlanTag2-4094, arbitrary

<VLAN tag> (default = 0) – Use this parameter to assign an arbitrary VLAN tag value to a management interface to facilitate isolating/separating management activities. For example, when PSX queries are being performed in one management VLAN interface, the EMA can be accessed on another management VLAN interface on the same management Ethernet port, while yet another VLAN interface can be used for Lawful Intercept (LI).

NOTE: Use a default value of "0" for a non-VLAN management interface.

Command Example

To display management IP interfaces:

% show system mgmtIpInterfaceGroup  
	mgmtIpInterfaceGroup mgmtGroup {  
		mgmtIpInterface mgmtIntf1 {  
			ceName merc;  
			portName mgt0;  
			ipAddressV4 10.34.26.151;  
			prefixV4 3;  
			ipAddressV6 ::FFFF:10.34.26.151;  
			prefixV6 64;  state enabled;  
		}  
		mgmtIpInterface mgmtIntf2 {  
		ceName merc;  
		portName mgt1;  
		ipAddressV4 0.0.0.0;  prefixV4 24;  
		ipAddressV6 ::FFFF:0.0.0.0;  
		prefixV6 64;  
		state enabled;  
		}  
	}

To create management interfaces on two subnets in SBC HA setup:

Step 1: Add mgmtIntf2 and mgmtIntf4 to newly created mgmtGroup1

% set system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf2 state disabled  
% commit  
% delete system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf2  
% commit  
% set system mgmtIpInterfaceGroup mgmtGroup1  
% commit  
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface 
	mgmtIntf2 ceName hayabusa portName mgt1 ipAddressV4 
	10.54.67.47 prefixV4 24 ipAddressV6 ::FFFF:10.54.67.47 
	prefixV6 64  
% commit  
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface 
	mgmtIntf2 state enabled  
% commit  
% set system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf4 state disabled  
% commit  
% delete system mgmtIpInterfaceGroup mgmtGroup 
	mgmtIpInterface mgmtIntf4  
% commit  
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface 
	mgmtIntf4 ceName augusta portName mgt1 ipAddressV4 
	10.54.67.48 prefixV4 24 ipAddressV6 ::FFFF:10.54.67.48 
	prefixV6 64  
% commit  
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface 
	mgmtIntf4 state enabled  
% commit 
% show system mgmtIpInterfaceGroup mgmtIpInterfaceGroup 
	mgmtGroup 
	{  mgmtIpInterface mgmtIntf1 {  
		ceName hayabusa;  
		portName mgt0;  
		ipAddressV4 10.54.66.50;  
		prefixV4 24;  
		ipAddressV6 ::FFFF:10.54.66.50;  
		prefixV6 64;  
		state enabled;  
	}  
	mgmtIpInterface mgmtIntf3 {  
		ceName augusta;  
		portName mgt0;  
		ipAddressV4 10.54.66.59;  
		prefixV4 24;  
		ipAddressV6 ::FFFF:10.54.66.59;  
		prefixV6 64;  
		state enabled;  
	}  
}  
mgmtIpInterfaceGroup mgmtGroup1 {  
	mgmtIpInterface mgmtIntf2 {  
		ceName hayabusa;  
		portName mgt1;  
		ipAddressV4 10.54.67.47;  
		prefixV4 24;  	
		ipAddressV6 ::FFFF:10.54.67.47;  
		prefixV6 64;  
		state enabled;  
	}  
	mgmtIpInterface mgmtIntf4 {  
		ceName augusta;  
		portName mgt1;  
		ipAddressV4 10.54.67.48;  
		prefixV4 24;  
		ipAddressV6 ::FFFF:10.54.67.48;  
		prefixV6 64;  
		state enabled;  
	}  
}

Step 2: Add static routes referencing the management interface:

% set system mgmtStaticRoute 0.0.0.0 0 10.54.66.1 mgmtGroup mgmtIntf1 preference 10  
% set system mgmtStaticRoute 0.0.0.0 0 10.54.66.1 mgmtGroup mgmtIntf3 preference 10  
% set system mgmtStaticRoute 0.0.0.0 0 10.54.67.1 mgmtGroup1 mgmtIntf2 preference 10  
% set system mgmtStaticRoute 0.0.0.0 0 10.54.67.1 mgmtGroup1 mgmtIntf4 preference 10 
% show table system mgmtStaticRoute  
					IP 		IP  
DESTINATION 				INTERFACE 	INTERFACE  
IP ADDRESS PREFIX NEXT HOP 		GROUP NAME NAME 
   PREFERENCE  --------------------------------------------------------
	------------  
0.0.0.0 0 10.54.66.1 mgmtGroup mgmtIntf1 10  
0.0.0.0 0 10.54.66.1 mgmtGroup mgmtIntf3 10  
0.0.0.0 0 10.54.67.1 mgmtGroup1 mgmtIntf2 10  
0.0.0.0 0 10.54.67.1 mgmtGroup1 mgmtIntf4 10

Step 3: Add ACL rules on mgmtGroup1: 


Note

The Bucket Size value is insignificant if the Fill Rate value is unlimited.

  • The Fill Rate is the maximum rate you expect for the traffic to pass the policer.
  • The Bucket Size is the number of additional packets allowed to pass in a given period if available packets are in the bucket. The credit balance is consumed before the packets are discarded.

If the ACL rules with action = discard, the Fill Rate and the Bucket Size values are irrelevant, and the packets are dropped based on the Type, IP address, or Port.

The Fill Rate and the Bucket Size parameters do not play any role since the policer portion of an ACL is only applicable for the "accept" action and is ignored with the "discard" action since all the packets are already discarded by the criteria.

 % show table addressContext default ipAccessControlList rule 
SOURCE 			DESTINATION 
					IP 			MGMT IP 
ADDRESS 		ADDRESS 
						INTERFACE IP 		INTERFACE MGMT IP SOURCE 
IP 	PREFIX 	DESTINATION 	PREFIX 			SOURCE 	DESTINATION 					BUCKE 
NAME 			PRECEDENCE PROTOCOL 	GROUP 			INTERFACE GROUP 		INTERFACE 
ADDRESS 	LENGTH 		IP ADDRESS LENGTH 		PORT 	PORT 		ACTION 			FILL RATE 
SIZE 
mgmt2_22 200 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 22 accept 100 10 
mgmt2_80 201 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 80 accept 100 10 
mgmt4_22 300 tcp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 any 22 accept 100 10 
mgmt4_80 301 tcp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 any 80 accept 100 10 
mgmt2_123 103 udp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 123 any accept 4 4 
mgmt2_161 202 udp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 161 accept 50 10 
mgmt2_162 104 udp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 162 any accept 10 10 
mgmt2_443 208 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 443 accept 100 10 
mgmt4_123 303 udp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 123 any accept 4 4 
mgmt4_161 302 udp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 any 161 accept 50 10 
mgmt4_162 304 udp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 162 any accept 10 10 
mgmt4_443 308 tcp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 any 443 accept 100 10 
mgmt2_1812 105 udp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 1812 any accept 4 4 
mgmt2_1813 110 udp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 1813 any accept 1200 250 
mgmt2_2022 206 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 2022 accept 10 10 
mgmt2_2024 209 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 2024 accept 2500 250 
mgmt4_1812 305 udp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 1812 any accept 4 4
mgmt4_1813 310 udp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 1813 any accept 1200 250 
mgmt4_2022 306 tcp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 any 2022 accept 10 10 
mgmt4_2024 309 tcp - - mgmtGroup1 mgmtIntf4 0.0.0.0 0 0.0.0.0 0 any 2024 accept 2500 250

Step 4: Create two logical management IP interfaces one for each subnet:

 % set system logicalMgmtIpInterface mgmtGroup1 ipAddress 
	10.54.67.50  
% commit  
% set system logicalMgmtIpInterface AGMGM 
mgmtIpInterfaceGroupName mgmtGroup1 state enabled  
% commit  
% set system logicalMgmtIpInterface mgmtGroup ipAddress 
	10.54.66.65  
% commit  
% set system logicalMgmtIpInterface HAMGM 
	mgmtIpInterfaceGroupName mgmtGroup state enabled  
% commit 
% show system logicalMgmtIpInterface logicalMgmtIpInterface 
	AGMGM {  
		mgmtIpInterfaceGroupName mgmtGroup1;  
		ipAddress 10.54.67.50;  
		state enabled;  
	}  
	logicalMgmtIpInterface HAMGM {  
		mgmtIpInterfaceGroupName mgmtGroup;  
		ipAddress 10.54.66.65;  
		state enabled;  }
If one management port goes down the other logical management IP interface on the other subnet must be used. A two-subnet configuration is a more robust network design.