Trouble connecting to Management port with either direct or switched ethernet connection

  • 0
  • 1
  • Question
  • Updated 3 weeks ago
  • (Edited)
I have a windows 10 host with an ethernet interface (configured with static ip 192.168.1.2/24) that is directly connected to the Management Port of an X440G2-12p-10G4. Both sides of physical connection have their 1G link lights on. Via serial console on this switch, I have set an ip address on the Mgmt vlan of 192.168.1.100/24. But from the windows machine I cannot ping nor telnet the switch at 192.168.1.100. Can you help me diagnose the reason why?

From the windows host, I see:
C:\>ipconfig
Windows IP Configuration
Ethernet adapter VirtualBox Host-Only Network:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::593a:8176:d2a:d8e8%18
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1c19:e5e6:9b2:4aa5%12
   IPv4 Address. . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
C:\>ping 192.168.1.100
Pinging 192.168.1.100 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.100:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.8.1      172.16.8.60     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
       172.16.8.0    255.255.255.0         On-link       172.16.8.60    281
      172.16.8.60  255.255.255.255         On-link       172.16.8.60    281
     172.16.8.255  255.255.255.255         On-link       172.16.8.60    281
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link       172.16.8.60    281
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link       172.16.8.60    281
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:

I included the VirtualBox Host-Only adapter in the list bc its network is in the ballpark, but I believe this to be irrelevant since, well, it's a different network from the EXOS switch's Mgmt network.

From the switch I see:

* X440G2-12p-10G4.2 # show vlan
-----------------------------------------------------------------------------------------------
Name            VID  Protocol Addr       Flags                         Proto  Ports  Virtual
                                                                              Active router
                                                                              /Total
-----------------------------------------------------------------------------------------------
Default         1    10.0.0.1       /24  ------------T---------------  ANY    2 /16  VR-Default
Mgmt            4095 192.168.1.100  /24  ----------------------------  ANY    1 /1   VR-Mgmt
-----------------------------------------------------------------------------------------------
* X440G2-12p-10G4.3 # show switch
SysName:          X440G2-12p-10G4
SysLocation:
SysContact:       support@extremenetworks.com, +1 888 257 3000
System MAC:       00:04:96:9B:9B:E2
System Type:      X440G2-12p-10G4
SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled
Current Time:     Wed Sep 26 00:34:25 2018
Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Boot Time:        Tue Sep 25 20:32:43 2018
Boot Count:       23
Next Reboot:      None scheduled
System UpTime:    4 hours 1 minute 41 seconds
Current State:    OPERATIONAL
Image Selected:   secondary
Image Booted:     secondary
Primary ver:      22.1.1.5
Secondary ver:    21.1.2.14
                  patch1-2
Config Selected:  primary.cfg
Config Booted:    primary.cfg
primary.cfg       Created by ExtremeXOS version 21.1.2.14
                  272505 bytes saved on Tue Sep 25 20:32:07 2018
* X440G2-12p-10G4.4 # show mgmt
VLAN Interface with name Mgmt created by user
    Admin State:         Enabled     Tagging:   802.1Q Tag 4095
    Description:         Management VLAN
    Virtual router:      VR-Mgmt
    IPv4 Forwarding:     Disabled
    IPv4 MC Forwarding:  Disabled
    Primary IP:          192.168.1.100/24
    IPv6 Forwarding:     Disabled
    IPv6 MC Forwarding:  Disabled
    IPv6:                None
    STPD:                None
    Protocol:            Match all unfiltered protocols
    Loopback:            Disabled
    NetLogin:            Disabled
    OpenFlow:            Disabled
    QosProfile:          None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   1.           (Number of active ports=1)
     Untag: Mgmt-port on Mgmt is active

Any ideas what I am doing wrong here, and what I should check next? Is there some other step to enabling the Mgmt port over ip on these switches?

This is a similar problem to this one, which doesn't seem to have a solution:
https://community.extremenetworks.com/extreme/topics/connectivity-to-a-switch-x440

Thanks,
Tim

p.s. This is an aside from my problem statement, but FWIW I am using the Management port intentionally here because this switch (and many other EXOS switches like it at my company) will be used for network automation in test environments (dynamically turning ports on/off, creating vlans, etc to form various network topologies for the DUTs to be connected to) and:
(a) I want to guarantee the test machines will have dedicated, unfettered access to the switches in the case of botched switch configuration at test runtime, so we have a guaranteed way to reset configuration, and
(b) I want to save a "normal" port by using the Mgmt port, since in some cases we may be using small port count switch variants (like the one in this example) that are like to fill up in the test.
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb

Posted 3 weeks ago

  • 0
  • 1
Photo of Taykin Izzet

Taykin Izzet , Employee

  • 3,106 Points 3k badge 2x thumb
Tim,

Does this work on the laptop Ethernet 2 adapter when both the laptop IP and VLAN interface are in the in the 192.168.1.0 network? We want to ensure both IPs are reachable within the same subnet first.

If so, you might need to configure a route on the switch for vr-mgmt to reach the other network:

configure iproute add default <gateway> vr "VR-Mgmt"

You can confirm the routes using

show iproute <vr-mgmt>
(Edited)
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
Thanks Taykin. To your first question: 
Does this work on the laptop Ethernet 2 adapter when both the laptop IP and VLAN interface are in the in the 192.168.1.0 network?
I think my original post already answers this question (no), as I've shown that the PC "Ethernet 2" interface is 192.168.1.2/24 and the switch's mgmt vlan and virtual router are both at 192.168.1.100/24.

I didn't mention this in my OP but I did set up a default route for the mgmt vlan, using the command:
configure iproute add default 192.168.1.1 vr VR-Mgmt
This results in the following current route on the mgmt vlan:
* X440G2-12p-10G4.2 # sho iproute vr "VR-Mgmt"
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#s   Default Route      192.168.1.1     1    UG---S-um--f- Mgmt       0d:22h:2m:35s
#d   192.168.1.0/24     192.168.1.100   1    U------um--f- Mgmt       0d:22h:2m:36s
The reason I used 192.168.1.1 when setting up the default route before was that I had originally set the switch's ip to 192.168.1.1. I have since changed it to the current address, thinking the problem may have been an ip collision with another machine on the network (a VM guest was using that .1 originally, but now is using a unique ip addr).

Per the section titled "IP connectivity to a Switch on the Mgmt VLAN from the same VLAN" on this page: 

https://gtacknowledge.extremenetworks.com/articles/How_To/Getting-IP-connectivity-on-a-EXOS-switch

I believe I do NOT even need the default route set up for the mgmt vlan/vr, since right now I'm just trying a direct connection, and my PC is on same network as the mgmt vlan (logically and physically).

For this reason, I will experiment with removing the default route for VR-Mgmt.

However, I do not see why this default route I have set up for the VR-Mgmt would prevent ip connectivity, since both routes in my table indicate to use the Mgmt vlan.

Let me know if you can provide any further assistance.
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
When I try removing the default route assigned for the Mgmt vlan, I get an error:
* X440G2-12p-10G4.7 # configure iproute delete default 192.168.1.1
ERROR: Cannot delete the default route with gateway(192.168.1.1)
Does this seem right to you that I cannot remove a default route after setting it?

This is all quite confusing, since I've read in the docs that the Mgmt port is not routable.

Let me know if you have any ideas on what might be wrong here.
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
It would appear that I have followed the official instructions for what I am trying to accomplish, here:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-an-IP-address-on-the-management-interface-of-an-EXOS-switch
and here:
https://gtacknowledge.extremenetworks.com/articles/How_To/Getting-IP-connectivity-on-a-EXOS-switch  (section titled: IP connectivity to a Switch on the Mgmt VLAN from the same VLAN)

The latter link says to make sure VLAN tagging is correct if you've done everything and still can't ping the Mgmt ip address. So I read the suggested page: https://gtacknowledge.extremenetworks.com/articles/How_To/Understanding-EXOS-VLANS-and-tagged-and-untagged-ports

but there is nothing mentioned there about adding ports to the Mgmt vlan or tagging ports on the Mgmt vlan. Furthermore, the former linked page (first in this post) says specificallt:
  • Ports cannot be added or removed to the MGMT VLAN and its tag (4095) cannot be changed
So I'm at a loss for what might need to be done here, and will assume that the problem is on the PC side.

If anyone else can think of a reason why I'm not able to ping the Mgmt VLAN/VR from my PC that is configured on the same network, and directly connected, let me know.

Some ideas for next steps:
  1. check the cable
  2. connect the mgmt port to an isolated switch that is connected to my PC and some other devices, and confirm the PC can talk to the other devices on the same network.
  3. ??
Thanks.

p.s. It appears I may have posted in the wrong forum. Maybe shoulda been in one of the "Technical Discussions" sections. I see some relevant posts which are similar to mine, but neither are exactly trying to directly connect to the Mgmt port. Nevertheless, I'm concerned bc they tend to say "just don't use the Mgmt port": 
https://community.extremenetworks.com/extreme/topics/how-to-connect-the-management-port-to-the-network 
https://community.extremenetworks.com/extreme/topics/recommendation-for-configuration-of-management-port-when-summit-x440-24p-is-only-switch-in-the-network

For reasons I've stated in the p.s. of the OP, I have a valid reason for using the Mgmt port (at least, I think I do).
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
OK, here's a little more info to narrow down the problem - Since:
  • the ping from the PC to the switch fails with "Request timed out" and
  • the ping from the switch to the PC fails with "Packet transmit error; Destination unreachable"
I'm pretty sure the problem is with the switch not having a route to my PC.

Which brings me back to the question about the error I received trying to delete or change the default route on VR-Mgmt.
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
From the comment linked below, I learned that when pinging an outside address from the Mgmt Vlan/VR, you have to use a different form that specifies the Virtual Router name.

Using this proper form, I now get this:
* X440G2-12p-10G4.2 # ping vr "VR-Mgmt" 192.168.1.2
Ping(ICMP) 192.168.1.2: 4 packets, 8 data bytes, interval 1 second(s).
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 0 packets received, 100% loss
round-trip min/avg/max = 0/0/0 ms
Instead of what I was getting before:
* X440G2-12p-10G4.1 # ping 192.168.1.2
Ping(ICMP) 192.168.1.2: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
--- 192.168.1.2 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms
So now it is claiming to have sent the ICMP packets, so I change my last statement that the problem is with the route on the switch.

https://community.extremenetworks.com/extreme/topics/problems-with-connectivity-on-vlan-mgmt?topic-reply-list[settings][filter_by]=all&topic-reply-list[settings][reply_id]=17783223#reply_17783223
Photo of Roy Noh

Roy Noh, Employee

  • 1,182 Points 1k badge 2x thumb
Hello Tim,

It seems you've already checked configuration part and understood VR-mgmt notation.
We had some cases where Mgmt port is not working due to several reasons.
CRC error can be one of that as well as faulty Mgmt port.
But checking out CRC error on mgmt port requires a debug password which GTAC can provide you one.
Also if this problem is due to a H/W fault, you can claim an RMA for the device.
Kindly consider to open a case so that GTAC engineers can analysis the issue further.
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
Thanks Roy. Before I open a case, I want to finish investigating this bc i feel very close: I have a very similar setup in another location (linux machine with direct connection to Mgmt port of same EXOS model X440G2-12p-10G4) that is working fine, and I've compared their configurations, and the only differences are:
  1. The working switch has extra config for the 10G ports (13-16) "configure ports <portnumber> auto off speed 10000 duplex full". This seems unrelated.
  2. The not-working switch has configured an ipaddress on Default vlan: "configure vlan Default ipaddress 10.0.0.1 255.255.255.0" This also seems unrelated.
  3. The not-working switch configures a default route for VR-Mgmt which as I've reported, I cannot delete: "configure iproute add default 192.168.1.1 vr VR-Mgmt"
  4. The working switch is running ver 21.1.5.2 and the non-working switch is running 21.1.2.14.
I still can't believe 3 isn't the culprit, but as I mentioned before I haven't been able to successfully remove this default route (which shouldn't be necessary since the Mgmt port doesn't support routing anyway).

Also before opening a case, I'm going to make sure I can get management access through the Default Vlan/VR and one of the "normal" ports. From there I should be able to update Firmware to latest, and then reverify the problem. If it's a faulty Mgmt port, it should fail even with newer Firmware, and I imagine that would be one of the first things GTAC would do.


Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
Regarding item 3. in my previous post, I reviewed the command I was using before to try and delete the route on vr-mgmt and think I see why it was rejected.

I was using:
configure iproute delete default 192.168.1.1
to try to remove a default route for a specific VirtualRouter (VR-Mgmt), which doesn't make sense.

Instead I learned I should use this command, which specifies specifically which VirtualRouter the default route is for:
configure iproute delete default 192.168.1.1 vr "VR-Mgmt"
I know this succeeded, bc afterwards I get:
* X440G2-12p-10G4.7 # sho iproute vr "VR-Mgmt"
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#d   192.168.1.0/24     192.168.1.100   1    U------um--f- Mgmt       2d:0h:38m:33s
Photo of Tim Black

Tim Black

  • 478 Points 250 badge 2x thumb
The findings in my previous post have turned out to be neither here, nor there. I just got into work for the first time since filing this issue and checked the connection myself, and I have confirmed that the problem all along was that the physical ethernet connection wasn't correct! This explains why my outgoing pings appeared to succeed but there was no response, and also explains why I could not ping from the PC. I have been home sick the last few days and although I asked a coworker to check this connection a couple days ago, the mis-connection was not detected.

I apologize to anyone who followed this thread. Even though it turned out not to be a configuration issue, the process of investigating configuration on these switches was a useful learning experience for me.


Thanks again,
Tim