Posted on March 11, 2020 5:35 pm | Asked by Teddy Brewski | 108 views

Hello,

I have a pair of Arista DCS-7020SR switches (running 4.23.0F) which will be used as L3 routers. All routing interfaces are in port-channels with VRRP configured.

My question is: how do I specify different default routes for management and data traffic? Would the config below work?

Many thanks.

!
vlan 20
   name EXTERNAL-192.168.20.0-24
!
vlan 30
   name INTERNAL-10.168.10.0-24
!
interface Port-Channel20
   switchport trunk allowed vlan 20
   switchport mode trunk
!
interface Port-Channel20.20
   encapsulation dot1q vlan 20
   ip address 192.168.20.252/24
   vrrp 20 priority-level 200
   vrrp 20 peer authentication ietf-md5 key-string 7 XXX
   vrrp 20 ipv4 192.168.20.254
!
interface Port-Channel30
   switchport trunk allowed vlan 30
   switchport mode trunk
!
interface Port-Channel30.30
   encapsulation dot1q vlan 30
   ip address 10.168.10.252/24
   vrrp 30 priority-level 200
   vrrp 30 peer authentication ietf-md5 key-string 7 XXX
   vrrp 30 ipv4 10.168.10.254
!
!
interface Ethernet1
   channel-group 20 mode active
!
interface Ethernet2
   channel-group 20 mode active
!
interface Ethernet3
   channel-group 30 mode active
!
interface Ethernet4
   channel-group 30 mode active
!
interface Management1
   ip address 172.29.0.11/24
!
ip route 0.0.0.0/0 Management1 172.29.0.254
ip route 0.0.0.0/0 Port-Channel20.20 192.168.20.1
ip route 10.10.0.0/16 Port-Channel30.30 10.168.10.1
!
ip routing
!

Posted by Shishio Tsuchiya
Answered on March 12, 2020 1:10 am

The most basic option is a VRF interface for management.

https://eos.arista.com/virtual-routing-and-forwarding-vrf-fundamentals/

 

Thank you. And if I'm using the built-in dedicated Management interface? Do I still need to use/configure a VRF?
(Teddy Brewski at March 14, 2020 1:35 pm)
You don't absolutely need to use a VRF for management, but it's a pretty useful approach. If you have a default route pointing out management, the traffic through the box won't use it (only traffic originating from the system itself), but you could still confuse upstream devices if you were to, say, redistribute the static, or something along those lines. Some more recent changes in how we interact with routes from multiple protocols make things less prone to causing problems by setting up a VRF for management.
(John Gill at March 16, 2020 12:57 am)
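
An added example, not part of the original thread and not Arista's own configuration: the management-VRF approach from the answer above, applied to the addresses in the question with the EOS 4.22+ `vrf instance` syntax so that each default route sits in its own routing table. The VRF name MGMT is an assumption, as is the use of SSH for management access.

```text
! Added example. MGMT is an assumed, arbitrary VRF name.
vrf instance MGMT
!
interface Management1
   vrf MGMT
   ip address 172.29.0.11/24
!
! Management default route exists only in the MGMT table.
ip route vrf MGMT 0.0.0.0/0 172.29.0.254
!
! Data-plane routes stay in the default VRF, unchanged from the question.
ip route 0.0.0.0/0 Port-Channel20.20 192.168.20.1
ip route 10.10.0.0/16 Port-Channel30.30 10.168.10.1
!
ip routing
!
! Serve SSH inside the management VRF (assumes SSH is how the switch is managed).
management ssh
   vrf MGMT
      no shutdown
```

Assigning a VRF to Management1 clears its existing IP address, so make the change from the console and re-enter the address after the `vrf MGMT` line.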
