...
Table 8.6 Supported MGMT Port Uses for Various appliance Configurations Appliance Configuration | Appliance Management | Grid Communications | DNS Services |
---|
Single Independent Appliance | Image Modified | Not Applicable | Image Modified |
Independent HA Pair | Image Modified | Not Applicable | Image Modified |
Grid Master | Image Modified | Image Modified | Image Modified |
Grid Master Candidate | Image Modified | Image Modified | Image Modified |
HA Grid Member | Image Modified | Image Modified | Image Modified |
Single Grid Member | Image Modified | Image Modified | Image Modified |
* Although you manage all Grid members through the Grid Master, if you enable the MGMT port on common Grid members, they can send syslog events, SNMP traps, and e-mail notifications, and receive SSH connections on that port.
Infoblox does not support MGMT port usage for some appliance configurations (indicated by the symbol in Table 8.6 ) because it cannot provide redundancy through the use of a VIP. A Grid Master that is an HA pair needs the redundancy that a VIP interface on the HA port provides for Grid communications. Similarly, DNS servers in an HA pair need that redundancy to answer DNS queries. Because the MGMT port does not support a VIP and thus cannot provide redundancy, Grid Masters (and potential Grid Masters) do not support Grid communications on the MGMT port.
In addition, NIOS appliances in an HA pair support DNS services on the active node only (indicated by the symbol in Table 8.6 ). Only the active node can respond to queries that it receives. If a DNS client sends a query to the MGMT port of the node that happens to be the passive node, the query can eventually time out and fail.
The MGMT port is not enabled by default. By default, a NIOS appliance uses the LAN port (and HA port when deployed in an HA pair). You must log in using a superuser account to enable and configure the MGMT port. You can configure both IPv4 address and IPv6 address for the MGMT port of a Grid member. You can enable the MGMT port through the Infoblox GUI, as explained in the following sections.
Anchor |
---|
| Appliance Management |
---|
| Appliance Management |
---|
|
Appliance Management You can restrict administrative access to a NIOS appliance by connecting the MGMT port to a subnet containing only management systems. This approach ensures that only appliances on that subnet can access the Infoblox GUI and receive appliance management communications such as syslog events, SNMP traps, and e-mail notifications from the appliance.
If you are the only administrator, you can connect your management system directly to the MGMT port. If there are several administrators, you can define a small subnet—such as 10.1.1.0/29, which provides six host IP addresses (10.1.1.1–10.1.1.6) plus the network address 10.1.1.0 and the broadcast address 10.1.1.7—and connect to the NIOS appliance through a dedicated switch (which is not connected to the rest of the network).
Figure 8.7 shows how an independent appliance separates appliance management traffic from network protocol services. Note that the LAN port is on a different subnet from the MGMT port.
Figure 8.7 Appliance Management from One or More Management Systems<place for figure> Drawio |
---|
border | true |
---|
viewerToolbar | true |
---|
| |
---|
fitWindow | false |
---|
diagramName | 8.7 |
---|
simpleViewer | false |
---|
width | |
---|
revision | 1 |
---|
|
Similarly, you can restrict management access to a Grid Master to only those appliances connected to the MGMT ports of the active and passive nodes of the Grid Master.
To enable the MGMT port on an independent appliance or Grid Master for appliance management and then cable the MGMT port directly to your management system or to a network forwarding appliance such as a switch or router:
...