This isn't the way that e0M is meant to be used.
Your default route needs to be on a VLAN which the production interfaces are a member of, otherwise any non-local traffic of any protocol will be routed via the management interface. And your e0M interface must be in a completely separate VLAN from any production interface.
I believe the e0M interface is only really useful if any machine that you would use to manage the system is also on the same VLAN as the e0M interface. NetApps have a clean separation of management protocols from data access protocols, so you can disable management protocols (e.g. ssh) except on the e0M interface, and use "options interface.blocked.mgmt_data_traffic on" to disable data protocols on the management interface.
The one thing which breaks this model is OnCommand Unified Manager (DFM). It sends both ssh (management) and NDMP (data, but used for management) requests to a single IP. I got around that by having an access rule as follows, though using the other interface.blocked options might work as well:
options ssh.access if=e0M OR netgroup=dfmserver.example.com
All of this is only any use at all if you care about securing your management access in a different way (e.g. via switch ACLs) from your data access. Otherwise, just don't use the e0M port at all. You don't need it.
As others have said, enabling the RLM/SP is important for out of band management (we do). But even then, having the serial console accessible via a serial terminal server will get you out of a situation where the RLM/SP loses its IP number (this has happened to us while recovering a filer).
HTH, Jeremy
On 22/03/2013, at 2:30 AM, Chris Picton wrote:
Hi all
I have two pairs of 3210s. The default gateway of the systems are via the management interface IP range, so that they are reachable remotely on the e0M interfaces.
However, this is causing snapmirror replication to use those interfaces as well, which is undesirable from a speed/data path persepctive.
I have considered putting e0M into its own ipspace, but then how would I manipulate its routing table as it would not be in a vfiler.
Any other ideas about having e0M reachable from anywhere, but still use a different vif as the default gateway for generic traffic on the system? Chris _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters