The Mgmt port on all my Enterasys Switches are on a non default VLAN (99), how do I get a X430 to change its Mgmt from VLAN 04095 to 99


I have the Management port on all my Enterasys Switches on a non default VLAN (say 99), how do I get a New Extreme Summit X430 to change its Management from VLAN 04095 to 99? Then send it as tagged/egress across port 8 connected to a Point-to-Point wireless tunnel with several other VLANs so that I can manage it from my Console? With WiFi dual wired connections to the physical port is obviously not an option.

11 replies

Userlevel 7
Hi Dwayne,
Because EXOS switches have a dedicated management port, there's no option to configure the tag.
If you must have a tag, you can create a "management" VLAN with an IP and add one of the normal front panel ports to that VLAN as tagged. Furthermore, you can configure ACLs to restrict access to that network only to sources of certain subnets.

-Drew
Userlevel 6
Dwayne,

Here's a sample config to implement what Drew suggested. I've used mvlan as the vlan name, but you can change it to whatever makes sense to you:
create vlan mvlan
configure mvlan tag 99
configure mvlan ipaddress [i]
configure mvlan add ports 8 tagged
[/code]
As Drew pointed out, you can later add an ACL to limit which IP addresses/subnets can be used to manage the switch.

You can read about this in EXOS User Guide (http://documentation.extremenetworks.com/exos/downloads/EXOS_User_Guide_15_7.pdf) pages 46 (Access Profile Logging for Telnet) or 49 (Access Profile Logging for SSH2).
Hi,

thank you for the useful tip. Saved my day. Two things, the above URL is not accessible and what if i use the non-mangement VLAN for RADIUS authentication because when i configure the switch for RADIUS, it prompts me that the configured IP is not of mgmt vlan. Please help as i have to deploy me switches. Switch mode is X440-48t.

Thanks
Userlevel 6
Muhammad, all our documentation can be found in http://www.extremenetworks.com/support/documentation/. There you'll find the user guides for the latest releases of EXOS (among other things).

If you need documentation for older versions check here: http://www.extremenetworks.com/support/documentation-archives/

I don't quite understand your problem with RADIUS. Can you give more detail please?
Thank you very much for your prompt response. What i want is to configure another VLAN (e.g 55) for management rather than using default with 4095 tag. The reason is that the gateway is Cisco 6500 switch which connects the extreme switch via a trunk port carrying multiple VLAN. Since i cannot create the VLAN 4095 on Cisco, i have to configure another VLAN for management. While configuring radius authentication, the switch prompts me with the error message "Error: IP address 172.16.2.93 is not configured in virtual router "VR-Mgmt".

We really appreciate your solution.

Userlevel 6
Muhammad, vlan default has no tag configured. The 4095 you see is an internal tag used by EXOS for vlans that don't have a tag configured. You can add a tag to default using the command
configure vlan default tag xxx[/code]
Regarding the error message, can you copy here the command that generates it?
I have changed the default vlan tag already but not helping much. Command is below.

X440-48t.5 # configure radius mgmt-access primary server 192.168.25.189 client-ip 172.16.2.93

Error: IP address 172.16.2.93 is not configured in virtual router "VR-Mgmt".

The ip address 172.16.2.93 is configured on VLAN "Default" under VR-Default.
Userlevel 7
Muhammad Younas wrote:

I have changed the default vlan tag already but not helping much. Command is below.

X440-48t.5 # configure radius mgmt-access primary server 192.168.25.189 client-ip 172.16.2.93

Error: IP address 172.16.2.93 is not configured in virtual router "VR-Mgmt".

The ip address 172.16.2.93 is configured on VLAN "Default" under VR-Default.

In your "configure radius" command, specify the default VR instead.
http://documentation.extremenetworks.com/exos/exos_21_1/exos_commands_all/r_configure-radius-server-...

code:
# configure radius mgmt-access primary server 192.168.25.189 client-ip 172.16.2.93 vr vr-default
Drew, you nailed it. Don't know why i did not look for the next options after the client IP 😞. Thanks alot, you guys are brilliant. Actually i am very knew to Extreme networks facing difficulties in configuring it.
If you allow, i want to ask one more question here 🙂 Is the SSH protocol is disabled by default and i have to download the package for it separately? If yes, how can i download it and why this is left like this. I believe SSH should have been packaged by default.
Userlevel 5
Muhammad Younas wrote:

Drew, you nailed it. Don't know why i did not look for the next options after the client IP 😞. Thanks alot, you guys are brilliant. Actually i am very knew to Extreme networks facing difficulties in configuring it.
If you allow, i want to ask one more question here 🙂 Is the SSH protocol is disabled by default and i have to download the package for it separately? If yes, how can i download it and why this is left like this. I believe SSH should have been packaged by default.

To access the SSH module, you can look at this knowledge base article: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-obtain-and-install-ssh-module/?q=ss...

I believe there is a disclaimer in the article that explains why the SSH module is separate from the EXOS Image.

In previous versions of EXOS the SSH module was a separate module, however, in version 21, the SSH module comes bundled with EXOS, so all you have to do is enable it.
Thank you for your prompt responses.

Reply