The Mgmt port on all my Enterasys Switches are on a non default VLAN (99), how do I get a X430 to change its Mgmt from VLAN 04095 to 99

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I have the Management port on all my Enterasys Switches on a non default VLAN (say 99), how do I get a New Extreme Summit X430 to change its Management from VLAN 04095 to 99?  Then send it as tagged/egress across port 8 connected to a Point-to-Point wireless tunnel with several other VLANs so that I can manage it from my Console?  With WiFi dual wired connections to the physical port is obviously not an option.
Photo of DWAYNE LOVELY

DWAYNE LOVELY

  • 70 Points

Posted 4 years ago

  • 0
  • 1
Photo of Drew C.

Drew C., Community Manager

  • 40,846 Points 20k badge 2x thumb
Hi Dwayne,
Because EXOS switches have a dedicated management port, there's no option to configure the tag.
If you must have a tag, you can create a "management" VLAN with an IP and add one of the normal front panel ports to that VLAN as tagged.  Furthermore, you can configure ACLs to restrict access to that network only to sources of certain subnets.

-Drew
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Dwayne,

Here's a sample config to implement what Drew suggested. I've used mvlan as the vlan name, but you can change it to whatever makes sense to you:
create vlan mvlan
configure mvlan tag 99
configure mvlan ipaddress <ip_address>
configure mvlan add ports 8 tagged

As Drew pointed out, you can later add an ACL to limit which IP addresses/subnets can be used to manage the switch.

You can read about this in EXOS User Guide (http://documentation.extremenetworks.com/exos/downloads/EXOS_User_Guide_15_7.pdf) pages 46 (Access Profile Logging for Telnet) or 49 (Access Profile Logging for SSH2).
Photo of Muhammad Younas

Muhammad Younas

  • 122 Points 100 badge 2x thumb
Hi,

thank you for the useful tip. Saved my day. Two things, the above URL is not accessible and what if i use the non-mangement VLAN for RADIUS authentication because when i configure the switch for RADIUS, it prompts me that the configured IP is not of mgmt vlan. Please help as i have to deploy me switches. Switch mode is X440-48t.

Thanks
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Muhammad, all our documentation can be found in http://www.extremenetworks.com/support/documentation/. There you'll find the user guides for the latest releases of EXOS (among other things).

If you need documentation for older versions check here: http://www.extremenetworks.com/support/documentation-archives/

I don't quite understand your problem with RADIUS. Can you give more detail please?
Photo of Muhammad Younas

Muhammad Younas

  • 122 Points 100 badge 2x thumb
Thank you very much for your prompt response. What i want is to configure another VLAN (e.g 55) for management rather than using default with 4095 tag. The reason is that the gateway is Cisco 6500 switch which connects the extreme switch via a trunk port carrying multiple VLAN. Since i cannot create the VLAN 4095 on Cisco, i have to configure another VLAN for management. While configuring radius authentication, the switch prompts me with the error message "Error:  IP address 172.16.2.93 is not configured in virtual router "VR-Mgmt".  

We really appreciate your solution.

Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Muhammad, vlan default has no tag configured. The 4095 you see is an internal tag used by EXOS for vlans that don't have a tag configured. You can add a tag to default using the command
configure vlan default tag xxx

Regarding the error message, can you copy here the command that generates it?
(Edited)
Photo of Muhammad Younas

Muhammad Younas

  • 122 Points 100 badge 2x thumb
I have changed the default vlan tag already but not helping much. Command is below.

X440-48t.5 # configure radius mgmt-access primary server 192.168.25.189 client-ip 172.16.2.93

Error:  IP address 172.16.2.93 is not configured in virtual router "VR-Mgmt".

The ip address 172.16.2.93 is configured on VLAN "Default" under VR-Default.
(Edited)
Photo of Drew C.

Drew C., Community Manager

  • 40,694 Points 20k badge 2x thumb
In your "configure radius" command, specify the default VR instead.
http://documentation.extremenetworks.com/exos/exos_21_1/exos_commands_all/r_configure-radius-server-...

# configure radius mgmt-access primary server 192.168.25.189 client-ip 172.16.2.93 vr vr-default
Photo of Muhammad Younas

Muhammad Younas

  • 122 Points 100 badge 2x thumb
Drew, you nailed it. Don't know why i did not look for the next options after the client IP :(. Thanks alot, you guys are brilliant. Actually i am very knew to Extreme networks facing difficulties in configuring it.
If you allow, i want to ask one more question here :) Is the SSH protocol is disabled by default and i have to download the package for it separately? If yes, how can i download it and why this is left like this. I believe SSH should have been packaged by default.  
Photo of Kawawa

Kawawa, GTAC

  • 3,292 Points 3k badge 2x thumb
To access the SSH module, you can look at this knowledge base article: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-obtain-and-install-ssh-module/?q=ss...

I believe there is a disclaimer in the article that explains why the SSH module is separate from the EXOS Image.

In previous versions of EXOS the SSH module was a separate module, however, in version 21, the SSH module comes bundled with EXOS, so all you have to do is enable it.
Photo of Muhammad Younas

Muhammad Younas

  • 122 Points 100 badge 2x thumb
Thank you for your prompt responses.