This object allows you to configure a group of management IP interfaces for the default address context.

Key Management Interface functionality:

- The VLAN interfaces on management ports follow the same redundancy model as the existing untagged management port interfaces.
- The management interface can have one IPv4 address and/or one IPv6 address.
- Unlike a packet port, the management port supports both non-VLAN and VLAN interfaces on the same management port.
% set system mgmtIpInterfaceGroup <mgmtIpIntfceGrp_name> mgmtIpInterface <IP_Intfce_name> ceName <ceName> ipAddressV4 <IPv4_address> ipAddressV6 <IPv6_address> portName <mgt0 | mgt1 | mgt2 | mgt3> prefixV4 <prefix> prefixV6 <prefix> state <disabled | enabled> vlanTag <2-4094>
If the management IP is changed and the box is not accessible, use the following workaround steps to restore the old IP used during SSH:
The management IP used during SSH is restored.
```
% show system mgmtIpInterfaceGroup <mgmtIpIntfceGrp_name> mgmtIpInterface <IP_Intfce_name>
% delete system mgmtIpInterfaceGroup <mgmtIpIntfceGrp_name> mgmtIpInterface <mgmt_interface_#> ipAddressV4 ipAddressV6 prefixV4 prefixV6 vlanTag
```

The above delete command allows the deletion of an IPv4 address and prefix on the management interface only if:
The following table describes the Management IP Interface Group parameters:

| Parameter | Length/Range | Description |
|---|---|---|
| mgmtIpInterfaceGroup | 1-23 | IP Interface Group name. |
| mgmtIpInterface | 1-23 | Management IP interface name. |
| ceName | 1-255 | Name of the computing element that hosts the port used by the management IP interface. ceName identifies each node (active or standby). System name identifies the HA pair. SBC is deployed in 1:1 redundancy (active or standby). |
| ipAddressV4 | 0-32 | IPv4 address of the interface. |
| ipAddressV6 | 0-128 | IPv6 address of the interface. Duplicate Address Detection procedures are performed on interfaces configured with IPv6 addresses. If a duplicate address is found in the network, a warning message is output to Linux logs at /var/log/syslog and /var/log/messages. Example message: |
| portName | N/A | Port used by the management IP interface (either two or four mgmt ports are available, depending on whether the SBC is configured for HA). |
| prefixV4 | 0-32 | IPv4 subnet prefix of the management interface. |
| prefixV6 | 0-128 | IPv6 subnet prefix of the management interface. |
| state | N/A | Administrative state of the management network interface. |
| vlanTag | 2-4094, arbitrary | NOTE: Use a default value of "0" for a non-VLAN management interface. |
To display management IP interfaces:
```
% show system mgmtIpInterfaceGroup
mgmtIpInterfaceGroup mgmtGroup {
    mgmtIpInterface mgmtIntf1 {
        ceName      merc;
        portName    mgt0;
        ipAddressV4 10.34.26.151;
        prefixV4    3;
        ipAddressV6 ::FFFF:10.34.26.151;
        prefixV6    64;
        state       enabled;
    }
    mgmtIpInterface mgmtIntf2 {
        ceName      merc;
        portName    mgt1;
        ipAddressV4 0.0.0.0;
        prefixV4    24;
        ipAddressV6 ::FFFF:0.0.0.0;
        prefixV6    64;
        state       enabled;
    }
}
```
To create management interfaces on two subnets in SBC HA setup:
Step 1: Add mgmtIntf2 and mgmtIntf4 to the newly created mgmtGroup1:

```
% set system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf2 state disabled
% commit
% delete system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf2
% commit
% set system mgmtIpInterfaceGroup mgmtGroup1
% commit
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface mgmtIntf2 ceName hayabusa portName mgt1 ipAddressV4 10.54.67.47 prefixV4 24 ipAddressV6 ::FFFF:10.54.67.47 prefixV6 64
% commit
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface mgmtIntf2 state enabled
% commit
% set system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf4 state disabled
% commit
% delete system mgmtIpInterfaceGroup mgmtGroup mgmtIpInterface mgmtIntf4
% commit
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface mgmtIntf4 ceName augusta portName mgt1 ipAddressV4 10.54.67.48 prefixV4 24 ipAddressV6 ::FFFF:10.54.67.48 prefixV6 64
% commit
% set system mgmtIpInterfaceGroup mgmtGroup1 mgmtIpInterface mgmtIntf4 state enabled
% commit
% show system mgmtIpInterfaceGroup
mgmtIpInterfaceGroup mgmtGroup {
    mgmtIpInterface mgmtIntf1 {
        ceName      hayabusa;
        portName    mgt0;
        ipAddressV4 10.54.66.50;
        prefixV4    24;
        ipAddressV6 ::FFFF:10.54.66.50;
        prefixV6    64;
        state       enabled;
    }
    mgmtIpInterface mgmtIntf3 {
        ceName      augusta;
        portName    mgt0;
        ipAddressV4 10.54.66.59;
        prefixV4    24;
        ipAddressV6 ::FFFF:10.54.66.59;
        prefixV6    64;
        state       enabled;
    }
}
mgmtIpInterfaceGroup mgmtGroup1 {
    mgmtIpInterface mgmtIntf2 {
        ceName      hayabusa;
        portName    mgt1;
        ipAddressV4 10.54.67.47;
        prefixV4    24;
        ipAddressV6 ::FFFF:10.54.67.47;
        prefixV6    64;
        state       enabled;
    }
    mgmtIpInterface mgmtIntf4 {
        ceName      augusta;
        portName    mgt1;
        ipAddressV4 10.54.67.48;
        prefixV4    24;
        ipAddressV6 ::FFFF:10.54.67.48;
        prefixV6    64;
        state       enabled;
    }
}
```
Step 2: Add static routes referencing the management interface:
```
% set system mgmtStaticRoute 0.0.0.0 0 10.54.66.1 mgmtGroup mgmtIntf1 preference 10
% set system mgmtStaticRoute 0.0.0.0 0 10.54.66.1 mgmtGroup mgmtIntf3 preference 10
% set system mgmtStaticRoute 0.0.0.0 0 10.54.67.1 mgmtGroup1 mgmtIntf2 preference 10
% set system mgmtStaticRoute 0.0.0.0 0 10.54.67.1 mgmtGroup1 mgmtIntf4 preference 10
% show table system mgmtStaticRoute
                                 IP          IP
DESTINATION                      INTERFACE   INTERFACE
IP ADDRESS   PREFIX  NEXT HOP    GROUP NAME  NAME       PREFERENCE
------------------------------------------------------------------
0.0.0.0      0       10.54.66.1  mgmtGroup   mgmtIntf1  10
0.0.0.0      0       10.54.66.1  mgmtGroup   mgmtIntf3  10
0.0.0.0      0       10.54.67.1  mgmtGroup1  mgmtIntf2  10
0.0.0.0      0       10.54.67.1  mgmtGroup1  mgmtIntf4  10
```
Step 3: Add ACL rules on mgmtGroup1:
The Bucket Size value is insignificant if the Fill Rate value is unlimited. For ACL rules with action = discard, the Fill Rate and Bucket Size values are irrelevant, and packets are dropped based on the Type, IP address, or Port. The policer portion of an ACL applies only to the "accept" action and is ignored with the "discard" action, since all packets matching the criteria are already discarded.
```
% show table addressContext default ipAccessControlList rule
                                                                                          SOURCE                DESTINATION
                                  IP                    MGMT IP                           ADDRESS               ADDRESS
                                  INTERFACE  IP         INTERFACE   MGMT IP    SOURCE IP  PREFIX   DESTINATION  PREFIX       SOURCE  DESTINATION                     BUCKE
NAME        PRECEDENCE  PROTOCOL  GROUP      INTERFACE  GROUP       INTERFACE  ADDRESS    LENGTH   IP ADDRESS   LENGTH       PORT    PORT         ACTION  FILL RATE  SIZE
mgmt2_22    200         tcp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            any     22           accept  100        10
mgmt2_80    201         tcp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            any     80           accept  100        10
mgmt4_22    300         tcp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            any     22           accept  100        10
mgmt4_80    301         tcp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            any     80           accept  100        10
mgmt2_123   103         udp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            123     any          accept  4          4
mgmt2_161   202         udp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            any     161          accept  50         10
mgmt2_162   104         udp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            162     any          accept  10         10
mgmt2_443   208         tcp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            any     443          accept  100        10
mgmt4_123   303         udp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            123     any          accept  4          4
mgmt4_161   302         udp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            any     161          accept  50         10
mgmt4_162   304         udp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            162     any          accept  10         10
mgmt4_443   308         tcp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            any     443          accept  100        10
mgmt2_1812  105         udp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            1812    any          accept  4          4
mgmt2_1813  110         udp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            1813    any          accept  1200       250
mgmt2_2022  206         tcp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            any     2022         accept  10         10
mgmt2_2024  209         tcp       -          -          mgmtGroup1  mgmtIntf2  0.0.0.0    0        0.0.0.0      0            any     2024         accept  2500       250
mgmt4_1812  305         udp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            1812    any          accept  4          4
mgmt4_1813  310         udp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            1813    any          accept  1200       250
mgmt4_2022  306         tcp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            any     2022         accept  10         10
mgmt4_2024  309         tcp       -          -          mgmtGroup1  mgmtIntf4  0.0.0.0    0        0.0.0.0      0            any     2024         accept  2500       250
```
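The note on Fill Rate and Bucket Size reduces to a per-row decision rule that can be checked against an exported rule table. The following is an added example, not code from the original page or the product: it parses rows in the Step 3 column order, reports the effective policer for each rule, and lists accept rules that are open to any source or have no rate limit. The two `constructed_*` rows and the literal `unlimited` in the fill-rate column are assumptions made for illustration.

```python
# Added example: interpret rows from
# `show table addressContext default ipAccessControlList rule`.
COLUMNS = ["name", "precedence", "protocol", "ip_group", "ip_intf",
           "mgmt_group", "mgmt_intf", "src_ip", "src_prefix", "dst_ip",
           "dst_prefix", "src_port", "dst_port", "action", "fill_rate",
           "bucket_size"]

# First three rows are taken from the Step 3 output; the constructed_* rows
# are made up here to exercise the discard and unlimited cases.
SAMPLE = """\
mgmt2_22 200 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 22 accept 100 10
mgmt2_80 201 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 80 accept 100 10
mgmt2_161 202 udp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 161 accept 50 10
constructed_drop 900 tcp - - mgmtGroup1 mgmtIntf2 0.0.0.0 0 0.0.0.0 0 any 23 discard 100 10
constructed_nolimit 210 tcp - - mgmtGroup1 mgmtIntf2 10.54.67.0 24 0.0.0.0 0 any 443 accept unlimited 10
"""

def parse_rules(text):
    """Return one dict per data row; skip headers, wrapped lines and blanks."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == len(COLUMNS) and fields[1].isdigit():
            rules.append(dict(zip(COLUMNS, fields)))
    return rules

def effective_policer(rule):
    """Policer applies only to accept; bucket size is moot when unlimited."""
    if rule["action"] == "discard":
        return None                       # fill rate and bucket size ignored
    if rule["fill_rate"] == "unlimited":  # assumed literal, see lead-in
        return ("unlimited", None)
    return (int(rule["fill_rate"]), int(rule["bucket_size"]))

def audit(rules):
    """List accept rules that are open to any source or are not rate limited."""
    findings = []
    for r in rules:
        policer = effective_policer(r)
        if policer is None:
            continue
        if r["src_prefix"] == "0":
            findings.append((r["name"], "accepts from any source", policer))
        if policer[0] == "unlimited":
            findings.append((r["name"], "accept with no rate limit", policer))
    return findings

if __name__ == "__main__":
    for name, issue, policer in audit(parse_rules(SAMPLE)):
        print(f"{name}: {issue} (policer={policer})")
```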
Step 4: Create two logical management IP interfaces, one for each subnet:

```
% set system logicalMgmtIpInterface mgmtGroup1 ipAddress 10.54.67.50
% commit
% set system logicalMgmtIpInterface AGMGM mgmtIpInterfaceGroupName mgmtGroup1 state enabled
% commit
% set system logicalMgmtIpInterface mgmtGroup ipAddress 10.54.66.65
% commit
% set system logicalMgmtIpInterface HAMGM mgmtIpInterfaceGroupName mgmtGroup state enabled
% commit
% show system logicalMgmtIpInterface
logicalMgmtIpInterface AGMGM {
    mgmtIpInterfaceGroupName mgmtGroup1;
    ipAddress                10.54.67.50;
    state                    enabled;
}
logicalMgmtIpInterface HAMGM {
    mgmtIpInterfaceGroupName mgmtGroup;
    ipAddress                10.54.66.65;
    state                    enabled;
}
```