ExtremeSwitching (ERS)

 Management VLAN over routed connection

SDR posted 10-27-2021 03:08
Dear community,

Well, I'm quite sure this is a stupid question; however, I'm stuck.

How do I get a Management VLAN up + running over a routed connection?
Customer has an ERS switch in a remote location. This device is connected to the WAN via some provider router.
Between switch and router there is just an access port with Transfer-VLAN "X".

To get Management VLAN "Y" up + running, I need an active/up port assigned to Management VLAN "Y".
At the moment, customer realizes this by also assigning Management VLAN "Y" to the access port (! not tag-all) of the port connected to the router.

I'm sure this is not "best practice".

In a Cisco environment, I would configure a loopback interface + assign the management IP to this interface.
However, on an ERS I have to assign the IP to a VLAN + this VLAN needs to be configured as "vlan mgmt Y".

That's where I'm stuck/confused.

Can someone advise? Thx!
Ludovico Stevens
I take it the ERS has to IP route between the mgmt VLAN Y and the uplink segment VLAN X?
Just a thought, why not make VLAN X the mgmt VLAN? Maybe the subnet mask is just /30?

In any case, here's a possible hack.
Configure the uplink port as untagPvidOnly. Add both VLANs X & Y to the port but make VLAN X the PVID on the port.
That way the mgmt VLAN Y will always be up, as long as the uplink port is up also.
Fijs
I even think you don't need an active port in VLAN Y to activate the VLAN.
I had a similar situation recently, and got the VLAN active by adding it to an inactive (down) port...

Agreed, this is not an ideal solution, and if you don't document it, someone could remove this "unnecessary" VLAN from that port, which will cause the MGMT IP to become unreachable. However, as Ludovico pointed out, you can still reach the device on the IP in VLAN X.
SDR

Thank you for your input.
"Why not make VLAN X the mgmt VLAN?" Well....this network is shared between customer + provider. Although one should expect the provider to be a "trusted partner", I think/thought it would not be best practice to make this (shared) network the management network (VLAN).

Ludovico's "hack" sounds great. However, it seems that there is no real solution (like, for example, Cisco's loopback), just a "workaround".
Right? (I'm wondering what the use case of the ERS loopback IF is.)