Recommendation for configuration of Management port when Summit x440-24P is only switch in the network

  • 1
  • 1
  • Question
  • Updated 1 year ago
  • Answered
I'm looking to see if anyone can give me a recommended configuration for the management port for a small network.  I'm an automation engineer, so "part-time IT" and know enough basics about VLAN, routing etc. to get by with some suggestions.  But I don't do enough of this stuff to really know a lot of good practices.  We have a small network, just a single x440-24p switch, and I was wondering what good practice would be for configuring the management port.  I'm planning to have 3 VLAN's on the switch, one will be for admins/engineers, and I'd like to be able to physically connect to that VLAN and also have access to the management interface as well (web based is what I plan to use mostly...after initial setup will mainly be using management port for monitoring/troubleshooting).

Should I just do interVLAN routing from my admin VLAN to the built-in default management VLAN.  Or can I just connect via the switch IP in my admin VLAN and no need to route through the management port?

Any advice appreciated...
Photo of Gregory Krueger

Gregory Krueger

  • 130 Points 100 badge 2x thumb

Posted 2 years ago

  • 1
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Don't use the mgmt port - just put a IP on the (vr of the) admin VLAN to access the switch.
Photo of Drew C.

Drew C., Community Manager

  • 37,366 Points 20k badge 2x thumb
I agree with Ron here, for a network that small, the mgmt port will just get in the way.

Edit:
I should also add that the mgmt interface is non-routable (the VLAN, the VR, and the port).  It's strictly out-of-band.
Take a look at this thread for more info:
https://community.extremenetworks.com/extreme/topics/how-to-connect-the-management-port-to-the-netwo...
(Edited)
Photo of Gregory Krueger

Gregory Krueger

  • 130 Points 100 badge 2x thumb
OK...thanks for the tip.  I'll play around to see if I can figure out how to do that.  If not, I may be back just to get a few more pointers on exact steps to set that up.
Photo of Drew C.

Drew C., Community Manager

  • 36,778 Points 20k badge 2x thumb
We'll be here.  Also, welcome to The Hub!
Photo of Gregory Krueger

Gregory Krueger

  • 130 Points 100 badge 2x thumb
So, I wasn't able to figure out how to do this on my own.  Can anyone provide a more detailed explanation of how to add an IP on the management VR so I can access the management interface from one of the VLANs on the switch?  Also, is this something that can be done from the web interface or does it require CLI commands?

For reference, I have 3 VLANs on the switch 172.16.10.x/24 (with 14 ports assigned), 172.16.20.x/24 (with 6 ports) and 172.16.30.x/24 with 4 ports.  The .20 subnet is the one that we want to be able to manage the switch from.

Thanks...

Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
If you want to use the Mgmt vlan (VR-Mgmt) to access (manage) the switch, you have to apply an IP on the Mgmt vlan: configure vlan mgmt ipaddress

However, the Mgmt vlan (VR-Mgmt) is non-routable. You cannot connect your laptop into another vlan (VR-Default for instance) and access the Mgmt vlan (VR-Mgmt). That means you have to connect your laptop directly to the Mgmt vlan.

Also you can manage the switch using HTTP/HTTPS (web interface) using the Mgmt vlan IP.

For HTTP: enable web http
For HTTPS: enable web https

Note:
To use HTTPS you have to load the SSL/SSH module into the switch.

Please refers to this article 1266 How to enable web interface on an EXOS switch for information about how to load the SSL/SSH module and enable https.
(Edited)
Photo of Flávio Soares

Flávio Soares

  • 70 Points
is it possible to change the vlan on the mgmt port ?
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Flávio,

"Mgmt" vlan is dedicated to the mgmt port and cannot be changed.
Photo of Flávio Soares

Flávio Soares

  • 70 Points
SO .. mgmt is only accessible by direct access to the port ?
Photo of Henrique

Henrique, Employee

  • 10,242 Points 10k badge 2x thumb
Hi Flávio, yes you are correct.

You can create a mgmt network to use that port.

Let's say you have a segment where all those mgmt ports are connected. You can manage all switches through that segment.

All mgmt ports must be connected to that "management cloud".
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
There is a difference between the mangagement port and the ability to manage the switch.

If you like to manage the switch via remote just just add another VLAN with a IP and that's it.

The managment port is for out-of-band management.
But if you like you'd take a patch cable and connect the mgmt port to a "normal" port on the switch and you'd use the mgmt IP to access ith in-band.
https://en.wikipedia.org/wiki/Out-of-band_management
(Edited)
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
I do not think connecting the management port to a front port of the same switch actually works. Have you tried this out?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
I've my lab X430 connected that way - if I remember correctly I've done it because I've tested a inventory manager script that used the mgmt port IP and never changed the setup after the test.

Mgmt port connected to port#2, port#1 connected my main lab switch,

I'm able to ssh to the mgmt IP and manage the switch via EMC (same subnet).
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
That should work since the mgmt port (eth0) has its own MAC address different from switch MAC.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
If the management port has a different MAC address from the switch, i.e. the VLAN interfaces, it should be possible to route from VR-Default to VR-Mgmt using a cable between a front port and the management port. That might be a workaround for https://community.extremenetworks.com/extreme/topics/exos-specifiy-source-interface-for-sntp-downloa....
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
I have tried to this, but the management port uses the same MAC address as every other SVI on EXOS, thus this does not work (see my first comment above). :-(

The setup works with an X430, because the X430 is a layer 2 switch only, thus the only SVI available on the switch is the management port.