Segmented Management

Table 1. Segmented Management Instance product support

Feature

Product

Release introduced

Segmented Management Instance - Management Interface CLIP

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

7520 Series

Fabric Engine 8.10

7720 Series

Fabric Engine 8.10

VSP 4450 Series

VOSS 7.0

VSP 4900 Series

VOSS 8.1

VSP 7200 Series

VOSS 7.0

VSP 7400 Series

VOSS 8.0

VSP 8200 Series

VOSS 7.0

VSP 8400 Series

VOSS 7.0

VSP 8600 Series

VSP 8600 8.0

XA1400 Series

VOSS 8.1.1 - IPv4 only

Note:

VOSS 8.1.50 does not support this feature.

Segmented Management Instance - Management Interface OOB

5320 Series

Not Applicable

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

7520 Series

Fabric Engine 8.10

7720 Series

Fabric Engine 8.10

VSP 4450 Series

Not Supported

VSP 4900 Series

VOSS 8.2

VSP 7200 Series

VOSS 8.2

VSP 7400 Series

VOSS 8.2

VSP 8400 Series

VOSS 8.2

VSP 8600 Series

Not Supported

XA1400 Series

Not Supported

Segmented Management Instance - Management Interface VLAN

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

7520 Series

Fabric Engine 8.10

7720 Series

Fabric Engine 8.10

VSP 4450 Series

VOSS 7.0

VSP 4900 Series

VOSS 8.1

VSP 7200 Series

VOSS 7.0

VSP 7400 Series

VOSS 8.0

VSP 8400 Series

VOSS 7.0

VSP 8600 Series

Not Supported

XA1400 Series

VOSS 8.1.1 - IPv4 only

VOSS 8.2 added IPv6

Note:

VOSS 8.1.50 does not support this feature.

Segmented Management Instance — ability to migrate VLAN or loopback IP address

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

7520 Series

Fabric Engine 8.10

7720 Series

Fabric Engine 8.10

VSP 4450 Series

VOSS 8.2

VSP 4900 Series

VOSS 8.2

VSP 7200 Series

VOSS 8.2

VSP 7400 Series

VOSS 8.2

VSP 8200 Series

VOSS 8.2

VSP 8400 Series

VOSS 8.2

VSP 8600 Series

Not Supported

XA1400 Series

VOSS 8.2

Segmented Management Instance — DHCP Client for Management Interface OOB or Management Interface VLAN

5320 Series

Fabric Engine 8.6

OOB not supported

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

7520 Series

Fabric Engine 8.10

7720 Series

Fabric Engine 8.10

VSP 4450 Series

VOSS 8.2

OOB not supported

VSP 4900 Series

VOSS 8.2

VSP 7200 Series

VOSS 8.2

VSP 7400 Series

VOSS 8.2

VSP 8200 Series

VOSS 8.2

VSP 8400 Series

VOSS 8.2

VSP 8600 Series

Not Supported

XA1400 Series

VOSS 8.2

OOB not supported

Segmented Management Instance — sflow, Application Telemetry, and IPFIX

5320 Series

Fabric Engine 8.8

5420 Series

Fabric Engine 8.8

5520 Series

Fabric Engine 8.8

5720 Series

Fabric Engine 8.8

7520 Series

Fabric Engine 8.10

7720 Series

Fabric Engine 8.10

VSP 4450 Series

VOSS 8.8

VSP 4900 Series

VOSS 8.8

VSP 7200 Series

VOSS 8.8

VSP 7400 Series

VOSS 8.8

VSP 8200 Series

VOSS 8.8

VSP 8400 Series

VOSS 8.8

VSP 8600 Series

Not Supported

XA1400 Series

Not Supported

A Management Instance is required to provide access to specific management applications.

With Segmented Management, the Management plane (management protocols) is separated from the Control Plane (routing plane) from a process and data-path perspective. Segmented Management is the only method to manage switches. One or a combination of the following management interface/management instance types can be used:

Important

Important

The Segmented Management Instance provides support for management interfaces that transmit and receive packets directly to and from the system native Linux IP stack. Unlike a traditional management interface, for example, a CLIP in the GRT that is part of the OS networking IP stack, Segmented Management Instance interfaces do not route packets through the OS networking IP stack.

Segmented Management provides better security because you cannot reach the management instance from outside the VRF (in case of CLIP) or outside VLAN/I-SID (in case of management VLAN), and because it has a built-in firewall for the management plane. There is also more predictability with symmetric traffic flows for management traffic originating from and terminating on the switch, for instance: