we have one customer that has an Out-of-Band Management with completely separated switches. All productive switches are connected to those Mgmt-Network-Switches via their dedicated Mgmt-Port. (All switches are Summit Switches with FW 30.x)
In this Mgmt-Network are also one XMC and one ExtremeControl. The problem that I see here:
The Mgmt-Network is not really redundant:
- Every Switch only has only one Uplink to the Mgmt-Network
- If one Mgmt-Network-Switch fails, multiple productive switches have no connection to XMC and so on.
While this isn’t a big deal for the pure management of the switches, it is a big problem if they do network authentication via Extreme Control.
My other customers don’t have an OoB-Mgmt and don’t use the dedicated Mgmt-Ports at all. They have one separate VLAN for the Switch-Mgmt which is tagged on the redundant switch uplinks. This makes things much easier. :)
I think I could put the ExtremeControl on another VLAN, which has access to the switches over their normal uplinks and I would have to manually tune the radius-config of the switches to use another client-ip. The ExtremeControl then needs two interfaces: One in the Mgmt-Network (to communicate with XMC) and one in the VLAN for the switch authentication.
How do you guys deal with this? Any ideas/suggestions?