You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/operator-nexus/howto-set-up-break-glass-access-using-in-band-management.md
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,21 +12,18 @@ ms.custom: template-how-to
12
12
# Break-Glass access using In-Band management
13
13
14
14
In the Nexus Network Fabric (NNF), there is an out-of-band management network where most Fabric devices are connected to management switches via management ports (Ma1). The only exceptions are the Terminal Server and Aggregation Management Switches.
15
-
To address the potential single point of failure posed by the management switch, Microsoft team has provided the Redundant In-band Management Break Glass Access feature.
15
+
To address the potential single point of failure posed by the management switch, Microsoft team has provided the In-band Management Break Glass Access feature.
16
16
17
-
> [!Note]
18
-
> Currently, pivot to gNMI to use loopback6 is not supported.
The Redundant In-band management break glass access feature provides a backup mechanism for the operations team to access Arista devices in the event of a primary management path failure. This feature allows operators to SSH into Arista devices using the loopback IP over the control plane VLAN / In-band management VRF, ensuring continuity of device management.
17
+
## In-Band management break glass access
18
+
The In-band management break glass access feature provides a backup mechanism for the operations team to access Arista devices in the event of a primary management path failure. This feature allows operators to SSH into Arista devices using the loopback IP over the control plane VLAN / In-band management VRF, ensuring continuity of device management.
22
19
23
20
### Primary and backup paths
24
21
25
22
• **Primary path:** The default method for accessing Arista devices is via the MA1 interface, which is used for management operations under normal conditions.
26
23
27
24
• **Backup path:** In cases where the primary path is unavailable, the break glass access allows operators to SSH to the device using the loopback IP over the control plane VLAN / In-band management VRF.
28
25
29
-
The in-band management path is applicable only to devices configured and participating in BGP, excluding management switches and Network Packet Brokers (NPB). NPB does not support routing, and it is recommended against creating complex workarounds to enable such capability. The in-band management path relies on BGP because it provides dynamic routing, redundancy, resilience, policy-based routing, and scalability, all of which are essential for ensuring that management traffic can be reliably routed through the network.
26
+
The in-band management path is applicable only to devices configured and participating in BGP, excluding management switches and Network Packet Brokers (NPB). NPB does not support routing, and it is recommended against creating complex workarounds to enable such capability. The in-band management path relies on BGP because it provides dynamic routing, redundancyand resilience, ensuring that management traffic can be reliably routed through the network.
30
27
31
28
To support in-band management, a new loopback interface (lo6) is created on network devices. The addresses of these loopback interfaces will be advertised to the Provider Edge (PE) via the INFRA-MGMT VRF from the Customer Edge (CE). Customer IP addresses will be advertised to the Top of Rack (ToR) switches from the CEs via the default VRF.
0 commit comments