Configuring In-Band Management for the Layer 3 Connected APIC Cluster
When you deploy in-band management with a Layer 3-connected Cisco Application Policy Infrastructure Controller (APIC) cluster, the in-band management VRF instance (mgmt:inb) is not routed through the spine switches to the IPN. Connectivity to the in-band management interfaces on the Cisco APIC must be routed from an L3Out configured from the leaf switches. This L3Out should be configured in the mgmt tenant for the in-band management VRF instance.
 Note |
You must have an external firewall between the IPN and the Cisco APIC to control the in-band traffic. |
To configure in-band management for the Layer 3 connected Cisco APIC cluster, follow these steps.
-
Configure the Cisco APIC upstream switches.
Using the example topology shown in In-Band Management, the upstream switch can be configured as follows.interface Vlan100 no shutdown vrf member IPN ip address 172.16.0.252/24 ip ospf passive-interface ip router ospf 1 area 0.0.0.0 hsrp version 2 hsrp 100 ip 172.16.0.1 interface Vlan101 no shutdown vrf member IPN ip address 172.16.10.252/24 ip ospf passive-interface ip router ospf 1 area 0.0.0.0 hsrp version 2 hsrp 101 ip 172.16.10.1You can route the in-band management network using the IPN VRF instance or you can choose a different VRF instance.
-
Configure the Cisco APICs for in-band management using the normal in-band management configuration procedure.
-
Configure the static node management addresses for each Cisco APIC. In the example, the in-band management subnet is 172.16.10.0/24 and the in-band management IPv4 gateway for the Cisco APICs is 172.16.10.1.
-
Configure the in-band EPG. For the encapsulation VLAN, you can use any VLAN except for the infrastructure VLAN ID specified during the initial cluster bringup. In the example, VLAN 101 is used.
For additional information about configuring in-band management, see the "Static In-band Management" section of the Cisco APIC and Static Management Access tech note.
-
-
Configure the Cisco APIC interfaces on the upstream switches.
The Cisco APIC-connected interface must be a trunk interface. If the Cisco APICs were initialized with an infra VLAN other than 0, you can configure the interface as in the following example.
interface Ethernet1/1 switchport mode trunk switchport trunk allowed vlan 100-101If the Cisco APICs were initialized with 0 as the infra VLAN, you must configure the upstream switch with a native VLAN, as in the following example.
interface Ethernet1/1 switchport mode trunk switchport trunk native vlan 100 switchport trunk allowed vlan 100-101Note
You cannot change the Cisco APIC infra VLAN ID after the cluster is formed.
Feedback