The MGMT (Management) port is a 10/100/1000Base-T Ethernet connector on the front panel of the TE-810, TE-820, TE-1410, TE-1420, TE-2210, TE-2220, and IB-4010 appliances. It allows you to isolate the following types of traffic from other types of traffic on the LAN and HA ports:

For information about what types of traffic qualify as appliance management, Grid communications, and DNS services, see Table 8.5.

...

* Although you manage all Grid members through the Grid Master, if you enable the MGMT port on common Grid members, they can send syslog events, SNMP traps, and e-mail notifications, and receive SSH connections on that port.
Infoblox does not support MGMT port usage for some appliance configurations because it cannot provide redundancy through the use of a VIP. A Grid Master that is an HA pair needs the redundancy that a VIP interface on the HA port provides for Grid communications. Similarly, DNS servers in an HA pair need that redundancy to answer DNS queries. Because the MGMT port does not support a VIP and thus cannot provide redundancy, Grid Masters (and potential Grid Masters) do not support Grid communications on the MGMT port.
In addition, NIOS appliances in an HA pair support DNS services on the active node only. Only the active node can respond to queries that it receives. If a DNS client sends a query to the MGMT port of the node that happens to be the passive node, the query can eventually time out and fail.
The MGMT port is not enabled by default. By default, a NIOS appliance uses the LAN port (and HA port when deployed in an HA pair). You must log in using a superuser account to enable and configure the MGMT port. You can configure both an IPv4 address and an IPv6 address for the MGMT port of a Grid member. You can enable the MGMT port through the Infoblox GUI, as explained in the following sections.

Appliance Management

You can restrict administrative access to a NIOS appliance by connecting the MGMT port to a subnet containing only management systems. This approach ensures that only appliances on that subnet can access the Infoblox GUI and receive appliance management communications such as syslog events, SNMP traps, and e-mail notifications from the appliance.
If you are the only administrator, you can connect your management system directly to the MGMT port. If there are several administrators, you can define a small subnet—such as 10.1.1.0/29, which provides six host IP addresses (10.1.1.1–10.1.1.6) plus the network address 10.1.1.0 and the broadcast address 10.1.1.7—and connect to the NIOS appliance through a dedicated switch (which is not connected to the rest of the network). Figure 8.7 shows how an independent appliance separates appliance management traffic from network protocol services. Note that the LAN port is on a different subnet from the MGMT port.

...

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the Network -> Basic tab of the Grid Member Properties editor, add the MGMT port to the Additional Ports and Addresses table as follows:
  3. Click the Add icon and select MGMT (IPv4) to configure an IPv4 address or select MGMT (IPv6) to configure an IPv6 address for the MGMT port. You can configure both IPv4 and IPv6 addresses for the MGMT port.
    Grid Manager adds a row for the MGMT port. For an HA pair, it adds two rows, one for each node.
  4. Enter the following in the row of the MGMT port for a single Grid Master or independent appliance, and in the rows of the two nodes for an HA Grid Master or independent HA pair:
    • Interface: Displays the name of the interface. You cannot modify this.
    • Address: Type the IP address for the MGMT port, which must be in a different subnet from that of the LAN and HA ports.
    • Subnet Mask (IPv4) or Prefix Length (IPv6): For an IPv4 address, specify an appropriate subnet mask for the number of management systems that you want to access the appliance through the MGMT port. For an IPv6 address, specify the prefix length.
    • Gateway: Type the default gateway for the MGMT port. If you need to define any static routes for traffic originating from the MGMT port—such as SNMP traps, syslog events, and email notifications—destined for remote subnets beyond the immediate subnet, specify the IP address of this gateway in the route.
    • Port Settings: Choose the connection speed that you want the port to use. You can also choose the duplex setting. Choose Full for concurrent bidirectional data transmission or Half for data transmission in one direction at a time. Select Automatic to instruct the NIOS appliance to negotiate the optimum port connection type (full or half duplex) and speed with the connecting switch automatically. This is the default setting. You cannot configure port settings for vNIOS appliances.
    • DSCP Value: Displays the Grid DSCP value. To modify, click Override and then enter the DSCP value. You can enter a value from 0 to 63. For information about DSCP, see Implementing Quality of Service Using DSCP.
  5. In the Network -> Advanced tab, make sure that the Enable VPN on MGMT Port check box is not selected.
  6. Save the configuration and click Restart if it appears at the top of the screen.
  7. Log out of Grid Manager.
  8. Cable the MGMT port to your management system or to a switch or router to which your management system can also connect.
  9. If your management system is in a subnet from which it cannot reach the MGMT port, move it to a subnet from which it can.
    The Infoblox Grid Manager GUI is now accessible through the MGMT port on the NIOS appliance from your management system.
  10. Open an Internet browser window and enter the IP address of the MGMT port as follows: https://<IP address of MGMT port>.
  11. Log in to Grid Manager.
  12. Check the Detailed Status panel of the Grid member to make sure the status icons are green.
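
Before entering the values from step 4, the addressing plan can be checked offline. The following is an added example, not Infoblox code: the function name `check_mgmt_plan`, its parameters, and the sample addresses are hypothetical, and it assumes one address for the MGMT port plus one for the gateway in addition to the management systems.

```python
import ipaddress

def check_mgmt_plan(mgmt, gateway, other_ports, admin_hosts):
    """Check a planned MGMT port address against the constraints in step 4.

    mgmt        -- MGMT address with mask or prefix length, e.g. "10.1.1.1/29"
    gateway     -- default gateway planned for the MGMT port
    other_ports -- dict of port name -> address/prefix for the LAN and HA ports
    admin_hosts -- number of management systems that need an address
    Returns a list of problems; an empty list means the plan passes.
    """
    problems = []
    iface = ipaddress.ip_interface(mgmt)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    # Only IPv4 subnets of /30 or shorter lose a network and a broadcast address.
    v4 = net.version == 4 and net.prefixlen <= 30
    reserved = {net.network_address, net.broadcast_address} if v4 else set()

    # The MGMT port must be in a different subnet from the LAN and HA ports.
    for name, addr in other_ports.items():
        other = ipaddress.ip_interface(addr).network
        if other.version == net.version and other.overlaps(net):
            problems.append(f"MGMT subnet {net} overlaps {name} subnet {other}")

    if iface.ip in reserved:
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")

    # The gateway has to be a distinct, usable address inside the MGMT subnet.
    if gw not in net:
        problems.append(f"gateway {gw} is not in MGMT subnet {net}")
    elif gw == iface.ip or gw in reserved:
        problems.append(f"gateway {gw} is not a usable neighbour address in {net}")

    # Assumption: one address for the MGMT port and one for the gateway.
    usable = net.num_addresses - len(reserved)
    needed = admin_hosts + 2
    if usable < needed:
        problems.append(f"{net} has {usable} usable addresses, {needed} needed")
    return problems

if __name__ == "__main__":
    # Constructed sample plan using the /29 from the text above.
    plan = check_mgmt_plan("10.1.1.1/29", "10.1.1.6", {"LAN": "10.1.2.5/24"}, 4)
    for line in plan or ["plan passes"]:
        print(line)
```

For an HA pair, run the check once per node, since each node has its own MGMT row.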

Grid Communications

You can isolate all Grid communications to a dedicated subnet as follows:

...