IP connectivity

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I am trying to connect switch using management port. The ip assigned to management port can be pinged but when i ping the default gateway it is not pingable.. that is switch is not reachable. Please tell me how to solve the problem.
Photo of Danial Jalil

Danial Jalil

  • 912 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of OscarK

OscarK, ESE

  • 7,912 Points 5k badge 2x thumb
Try ping vr vr-mgmt <IP>
Photo of David Rahn

David Rahn

  • 1,036 Points 1k badge 2x thumb
What are you pinging from? How are things connected? What is the gateway conected to? Draw a picture and post it. We literally could not have less information than what you posted with... my assumption at this time is that you don't understand the characteristics of the management port, and the management virtual router.
One thing worth noting is that ip routes can be assigned to a vr...
Photo of David Coglianese

David Coglianese, Embassador

  • 7,388 Points 5k badge 2x thumb
More information would be good.

It mostly sounds like you may not be aware that there are 2 vr's on the switch by default the management port is in the management vr and all other ports are in the default vr.

If you are trying to do what I think you are trying to do you need a route to bridge traffic from one vr to the other.

Best of luck 
Photo of David Rahn

David Rahn

  • 1,036 Points 1k badge 2x thumb
Can you route traffic from one vr to another? I missed that one...
And for some reason everything I type seems angry and short... I am not trying to sound like a d!ck... it is early maybe my language system hasn't booted completely
(Edited)
Photo of David Coglianese

David Coglianese, Embassador

  • 7,388 Points 5k badge 2x thumb
I wish I could recall the specifics but I am on vacation and don't feel like thinking that hard right now.

We have 2 lab switches at our office that are on the network via their management port. This allows us to play with different routing options while still being able to access the switches from our desks.

But now that you are making me think about it... Those switches don't actually pass traffic from one VR to the other.

So to get from one VR to the other, you need a second device. We have a deployment with an internal and external VR and the firewall is used to pass traffic from one to the other as needed.

Thanks for catching that.
Photo of Danial Jalil

Danial Jalil

  • 912 Points 500 badge 2x thumb
Well i have to upgrade firmware of the exos switch. The firmware is placed on a server. now i used the command Habe die 16.1.3.6 runtergeladen. download image X.X.X.X summitX-16.1.3.6.xos vr vr-m but it said fauked ti download image tftp time out. i assinged ip to management interface so now i can ping the destination ip that is X.X.X.X but the download doesnt happen. what am i doing wrong here?

P.S i am aware that there are of the 2Vrs and their respective roles
Photo of Henrique

Henrique, Employee

  • 10,342 Points 10k badge 2x thumb
Hi Danial, if you have connectivity through the MGMT interface (when doing ping vr vr-mgmt a.b.c.d) you should be able to download the firmware from tftp server.

I'm wondering if the TFTP is up and running without any issue. To confirm that I would recommend you to open a wireshark in the TFTP server and try to download the firmware from the switch VR-mgmt. Then you will be able to see if the requests are being sent from the switch and receiving by the server.
Photo of Danial Jalil

Danial Jalil

  • 912 Points 500 badge 2x thumb
Thanks Henrique. let me give it a try.
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Some basics are in order here.

EXOS supports a Management Virtual Router (vr-mgmt)) to which ONLY the mgmt vlan and port belong. This can't be changed. It also supports a Default Virtual Router (vr-default) to which the the default vlan and all the front ports belong.

It is NOT POSSIBLE to pass traffic between vlans belonging to these two VR's. The whole point of having a separate dedicated mgmt port is security. In security-conscious environments (an ISP, for example) all management is done exclusively through a private vlan that can't be reached by public vlans and external customers. This separation is fundamental to avoid attacks to the switches. Another advantage is that if a denial-of-service attack is crippling the public vlans and ports, the manager still has a separate protected network to manage the switches and combat the DoS attack.

There are separate routing tables for each VR, each one containing a default route or static routes. If you are managing the switch through the management port, you must make sure there's a route from the management port IP address to the IP address of the FTP/TFTP server, or the workstations you are using to manage it, if they are in different subnets. You must also be careful because commands such as ping, tftp get/put, or upgrade allow to specify through which VR the command will communicate with the network.
(Edited)
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Additional EXOS Virtual Router context that aligns to Mr. Flouret's post. 

https://gtacknowledge.extremenetworks.com/articles/Q_A/What-is-a-Virtual-Router
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,676 Points 10k badge 2x thumb
To illustrate Daniel's comment:

if you ping an IP address without specifying the VR, you are in VR-Default (front panel ports).
if you do a download image on the same IP, still without specifying the VR, you are in VR-Mgmt.

So it is doable to ping a server (tftp) and not able to download if you are not paying attention to the VR.

I'd like to see a "show vlan", examples of your commands to ping and download image, and sh conf rtmgr.
Photo of Danial Jalil

Danial Jalil

  • 912 Points 500 badge 2x thumb
It worked. Thanks Guys..
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Great news Danial and well done.

This is a pretty common stumbling block for folks with EXOS.  In the interest of helping those in the future that may read this thread, how did you sort it out?