Extreme 220 - Set up management access on system IP rather than OOB mgmt port

  • Question
  • Updated 4 months ago
  • Answered
I have several Extreme 220s going out to a customer. This is a small deployment and rather than using the out of band mgmt port, I am trying to set up management access via the system IP. All internal routing is handled on a Watchguard firewall and I currently have all VLANs routing properly. I have set the mgmt VLAN accordingly using the network mgmt_vlan 5 command and assigned the system IP accordingly on that subnet. My other trunk ports utilizing VLAN 5 as the access VLAN pass connectivity through just fine. Any assistance would be greatly appreciated. This is our first Extreme deployment, so we are still working to get our feet wet with the platform.

Tucker Bidleman

Posted 4 months ago


Martineau, John, Employee


Tucker Bidleman

Hey John, I used the steps detailed above with no luck. Does routing have to be enabled for this to work?

Tucker Bidleman

Here is my configuration (thus far, put things on hold until this was resolved):

(Extreme 220) >en

(Extreme 220) #show run

!Current Configuration:
!
!System Description "Extreme 220-Series 48GE PoE+, 4 10GbE SFP+ ports, 1 Fixed AC PSU, 1 RPS port, L3 Switching, 1.1.1.11, Linux 3.6.5, U-Boot 2012.10-00003-g56c397c (Mar 28 2017 - 15:11:08)"
!System Software Version "1.1.1.11"
!System Up Time          "1 days 2 hrs 58 mins 56 secs"
!Additional Packages     FASTPATH QOS,FASTPATH IPv6 Management,FASTPATH Stacking,FASTPATH Routing
!Current SNTP Synchronized Time: SNTP Client Mode Is Disabled
!
network protocol none
network parms 10.10.1.2 255.255.255.0 10.10.1.1
serviceport protocol none
serviceport ip 10.0.2.1 255.255.255.0 0.0.0.0
vlan database
vlan 5,10,20,30,40
vlan name 5 "MGMT"
vlan name 10 "Internal LAN"
vlan name 20 "Internal WLAN"
vlan name 30 "CAMERAS"
vlan name 40 "GUEST WLAN"
exit

network mgmt_vlan 5
ip ssh server enable
no ip telnet server enable
configure
stack
member 1 6
exit
slot 1/0 6
set slot power 1/0
no set slot disable 1/0
username "admin" password f95ba684e0c3347f21239feac2e09cdb5196f6c22bec09eed6b627142c3f46ace3b6611512dd27d69c27bc42abaee015f4cc0c418342df6b2a69ec85b5ec74dc level 15 encrypted
line console
no transport input telnet
no transport output telnet
exit

line telnet
exit

line ssh
exit

!

interface 1/0/1
switchport mode trunk
switchport access vlan 5
switchport trunk allowed vlan 1-4,6-4093
exit



interface 1/0/2
switchport mode access
switchport access vlan 10
exit



interface 1/0/47
switchport mode trunk
switchport access vlan 5
switchport trunk allowed vlan 1-4,6-4093
exit



interface 1/0/48
switchport mode access
switchport access vlan 40
exit


router rip
exit
exit


(Extreme 220) #

Ronald Dvorak, Embassador

I'm not an expert on the system but I think the port config is wrong, try this instead...

interface 1/0/X
switchport mode trunk
switchport trunk native vlan 5
switchport trunk allowed vlan 1-4,6-4093
exit

I've connected my notebook to the port and was able to ping/telnet the switch.

Weird that the switch allows configuring access and trunk mode on the same port.
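
An added example (not part of the thread and not Extreme tooling): a Python check that parses "show run" text and lists trunk ports that reference the management VLAN only through "switchport access vlan", the pattern the reply above replaces with "switchport trunk native vlan". The function names are hypothetical and the sample text is constructed from lines in the thread's configurations.

```python
import re

# Constructed sample, assembled from lines in the thread's configurations.
SAMPLE = """\
network mgmt_vlan 5
interface 1/0/1
switchport mode trunk
switchport access vlan 5
switchport trunk allowed vlan 1-4,6-4093
exit
interface 1/0/2
switchport mode access
switchport access vlan 10
exit
interface 1/0/47
switchport mode trunk
switchport trunk native vlan 5
exit
"""

def parse_interfaces(text):
    """Return {port: [statements]} for each 'interface ... exit' stanza."""
    ports, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = re.match(r"interface (\S+)$", line)
        if match:
            current = ports.setdefault(match.group(1), [])
        elif line == "exit":
            current = None
        elif current is not None and line:
            current.append(line)
    return ports

def trunks_missing_native_mgmt(text):
    """List trunk ports that reference the management VLAN only as an access VLAN."""
    match = re.search(r"^network mgmt_vlan (\d+)\s*$", text, re.M)
    if not match:
        raise ValueError("no 'network mgmt_vlan' line found")
    mgmt = match.group(1)
    flagged = []
    for port, stmts in parse_interfaces(text).items():
        if "switchport mode trunk" not in stmts:
            continue
        as_access = f"switchport access vlan {mgmt}" in stmts
        as_native = f"switchport trunk native vlan {mgmt}" in stmts
        if as_access and not as_native:
            flagged.append(port)
    return flagged

if __name__ == "__main__":
    print(trunks_missing_native_mgmt(SAMPLE))
```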

Tucker Bidleman

Thanks Ronald, I will test this out tomorrow. So you were able to hit the system IP when connected directly to that port? Being that it is the uplink to the firewall and the firewall is where VLAN 5 default gateway resides, I'll have to test in my environment to make sure. Like I said, this is my first run with Extreme and I was a bit confused with the trunking and access settings as well.

Tucker Bidleman

This corrected my issue (to an extent). I can now access all of my switches' system IPs via both ssh and HTTP. Only caveat is that I cannot access the switches for management when I am on another VLAN (my primary internal VLAN, VLAN 10). When I am on an Access port on the mgmt VLAN or a port with the native VLAN set to mgmt VLAN, no issue. Oddly, I can still ping the system IPs from any VLAN, just can't access ssh or http. 

Is there a default security setting in place on the 220s that blocks mgmt access from another subnet possibly? From a routing perspective, it is obviously working if I can ping them. Below is my updated config:


(Ext220-01) #show run

!Current Configuration:
!
!System Description "Extreme 220-Series 48GE PoE+, 4 10GbE SFP+ ports, 1 Fixed AC PSU, 1 RPS port, L3 Switching, 1.1.1.11, Linux 3.6.5, U-Boot 2012.10-00003-g56c397c (Mar 28 2017 - 15:11:08)"
!System Software Version "1.1.1.11"
!System Up Time          "4 days 4 hrs 50 mins 55 secs"
!Additional Packages     FASTPATH QOS,FASTPATH IPv6 Management,FASTPATH Stacking,FASTPATH Routing
!Current SNTP Synchronized Time: SNTP Client Mode Is Disabled
!
hostname "Ext220-02"
network protocol none
network parms 10.10.1.3 255.255.255.0 10.10.1.1
serviceport protocol none
serviceport ip 10.0.2.1 255.255.255.0 0.0.0.0
vlan database
vlan 5,10,20,30,40
vlan name 5 "MGMT"
vlan name 10 "Internal LAN"
vlan name 20 "Internal WLAN"
vlan name 30 "CAMERAS"
vlan name 40 "GUEST WLAN"
exit

network mgmt_vlan 5
ip ssh server enable
no ip telnet server enable
configure
stack
member 1 6
exit
slot 1/0 6
set slot power 1/0
no set slot disable 1/0
username "admin" password f95ba684e0c3347f21239feac2e09cdb5196f6c22bec09eed6b627142c3f46ace3b6611512dd27d69c27bc42abaee015f4cc0c418342df6b2a69ec85b5ec74dc level 15 encrypted
line console
no transport input telnet
no transport output telnet
exit

line telnet
exit

line ssh
exit

snmp-server sysname "Ext220-01"
!

interface 1/0/1
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/2
switchport mode access
switchport access vlan 10
exit



interface 1/0/3
switchport mode access
switchport access vlan 10
exit



interface 1/0/4
switchport mode access
switchport access vlan 10
exit



interface 1/0/5
switchport mode access
switchport access vlan 10
exit



interface 1/0/6
switchport mode access
switchport access vlan 10
exit



interface 1/0/7
switchport mode access
switchport access vlan 10
exit



interface 1/0/8
switchport mode access
switchport access vlan 10
exit



interface 1/0/9
switchport mode access
switchport access vlan 10
exit



interface 1/0/10
switchport mode access
switchport access vlan 10
exit



interface 1/0/11
switchport mode access
switchport access vlan 10
exit



interface 1/0/12
switchport mode access
switchport access vlan 10
exit



interface 1/0/13
switchport mode access
switchport access vlan 10
exit



interface 1/0/14
switchport mode access
switchport access vlan 10
exit



interface 1/0/15
switchport mode access
switchport access vlan 10
exit



interface 1/0/16
switchport mode access
switchport access vlan 10
exit



interface 1/0/17
switchport mode access
switchport access vlan 10
exit



interface 1/0/18
switchport mode access
switchport access vlan 10
exit



interface 1/0/19
switchport mode access
switchport access vlan 10
exit



interface 1/0/20
switchport mode access
switchport access vlan 10
exit



interface 1/0/21
switchport mode access
switchport access vlan 10
exit



interface 1/0/22
switchport mode access
switchport access vlan 10
exit



interface 1/0/23
switchport mode access
switchport access vlan 10
exit



interface 1/0/24
switchport mode access
switchport access vlan 10
exit



interface 1/0/25
switchport mode access
switchport access vlan 30
exit



interface 1/0/26
switchport mode access
switchport access vlan 30
exit



interface 1/0/27
switchport mode access
switchport access vlan 30
exit



interface 1/0/28
switchport mode access
switchport access vlan 30
exit



interface 1/0/29
switchport mode access
switchport access vlan 30
exit



interface 1/0/30
switchport mode access
switchport access vlan 30
exit



interface 1/0/31
switchport mode access
switchport access vlan 30
exit



interface 1/0/32
switchport mode access
switchport access vlan 30
exit



interface 1/0/33
switchport mode access
switchport access vlan 30
exit



interface 1/0/34
switchport mode access
switchport access vlan 30
exit



interface 1/0/35
switchport mode access
switchport access vlan 30
exit



interface 1/0/36
switchport mode access
switchport access vlan 30
exit



interface 1/0/37
switchport mode access
switchport access vlan 30
exit



interface 1/0/38
switchport mode access
switchport access vlan 30
exit



interface 1/0/39
switchport mode access
switchport access vlan 30
exit



interface 1/0/40
switchport mode access
switchport access vlan 30
exit



interface 1/0/41
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/42
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/43
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/44
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/45
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/46
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/47
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/48
switchport mode access
switchport access vlan 40
exit



interface 1/0/49
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/50
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/51
switchport mode trunk
switchport trunk native vlan 5
exit



interface 1/0/52
switchport mode trunk
switchport trunk native vlan 5
exit


router rip
exit
exit


(Ext220-01) #