Extreme stack no management access


I need help with configuring external access to my Extreme stack. The stack consists of X450e-48p (master), X650-24x (secondary).

I need help with making the vlan IP accessable from the internet. I have tried everything and cannot get the switch to allow any traffic at all on these IPs. ping returns destination unreachable.

Here is my show vlan:
Slot-1 x.4 # show vlan
---------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------
Default 1 x.xx.xxx.88 /26 -----------T----------- ANY 11/18 VR-Default
Internal 4092 xx.x.x.2 /24 ----------------------- ANY 4 /5 VR-Default
iSCSI 4094 xx.x.xx.2 /24 ----------------------- ANY 3 /5 VR-Default
Mgmt 4095 xxx.xxx.xx.4 /24 ----------------------- ANY 1 /1 VR-Mgmt
Unused 4091 ------------------------------------------- ANY 0 /38 VR-Default

Ping returns nothing from within the switch:
Slot-1 x.5 # ping 8.8.8.8
Ping(ICMP) 8.8.8.8: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

--- 8.8.8.8 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms

The mgmt IP is inaccesable from the internet via all protocols; ssh, telnet and web. All of these protocols are enabled globally on the switch.

The iproutes for VR-Mgmt are:
Slot-1 x.7 # show iproute vr vr-mgmt
Ori Destination Gateway Mtr Flags VLAN Duration
#d xxx.xxx.xx.0/24 xxx.xxx.xx.4 1 U------um--f Mgmt 0d:7h:53m:29s

IP stats on the mgmt interface seem to be receiving packets, but not sending anything:
Slot-1 x.11 # show ipstats mgmt
Router Interface on VLAN Mgmt
inet xxx.xxx.xx.4 netmask 255.255.255.0 broadcast xxx.xxx.xx.255
Stats: IN OUT
37374 0 packets
3854762 0 octets
311 0 Mcast pkts
12183 0 Bcast pkts
0 0 errors
23153 0 discards
0 unknown protos

The router for my management IP can be pinged from my office connection:
Pinging xxx.xxx.xx.1 with 32 bytes of data:
Reply from xxx.xxx.xx.1: bytes=32 time=36ms TTL=249
Reply from xxx.xxx.xx.1: bytes=32 time=63ms TTL=249

However, from the switch it does not ping:
Slot-1 x.13 # ping xxx.xxx.xx.1
Ping(ICMP) xxx.xxx.xx.1: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

The same happens with the VR-Default vr. It's IP address is also inaccessable, however is accessable from servers connected to the Default vlan.

Any help would be greatly appreciated, I am at a loss as to how to get the management port accessable from the internet.

Thanks.

12 replies

Sorry, I forgot to include version information:

Slot-1 : x Rev 7.0 BootROM: 1.0.5.5 IMG: 12.3.3.6 Slot-2 : x Rev 6.0 BootROM: 1.0.5.5 IMG: 12.3.3.6 [/code]
I have solved this problem. The process is to not set any IP on the Mgmt VLAN and set the alternate management IP address on the slot with it's management port connected via the following command:

configure stacking slot 1 alternate-ip-address [i]

Then to perform any activity requiring access to the internet, you need to change your context to the vr-mgmt router:

virtual-router vr-mgmt
Userlevel 2
Hi Michael. Thank you for sharing your resolution to this issue with the community. If you require additional assistance, please let us know. -Tamera
Userlevel 6
Hello Michael

I may be missing something but your initial setup should be correct I think the only thing you were missing was the VR statement in the Ping command

Summit-PC.7 # sh vlan
---------------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------------
Default 1 192.168.0.1 /24 ------------T--------------- ANY 1 /3 VR-Default
Mgmt 4095 192.168.56.107 /24 ---------------------------- ANY 1 /1 VR-Mgmt
---------------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (I) Inter-Switch Connection VLAN for MLAG,
(k) PTP Configured, (l) MPLS Enabled, (L) Loopback Enabled,
(m) IPmc Forwarding Enabled, (M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled,
(Z) OpenFlow Enabled

Total number of VLAN(s) : 2
Summit-PC.8 # ping 192.168.56.1
Ping(ICMP) 192.168.56.1: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

--- 192.168.56.1 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms
Summit-PC.9 # ping vr vr-m 192.168.56.1
Ping(ICMP) 192.168.56.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 192.168.56.1: icmp_seq=0 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=1 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=2 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=3 ttl=64 time=0.000 ms

--- 192.168.56.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms

The Alternate IP address in the stack is in case the stack is divided in two where you would have two new stacks each with a master. The alternate IP will allow you to get to both stacks.

Thanks
P
Paul Russo wrote:

Hello Michael

I may be missing something but your initial setup should be correct I think the only thing you were missing was the VR statement in the Ping command

Summit-PC.7 # sh vlan
---------------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------------
Default 1 192.168.0.1 /24 ------------T--------------- ANY 1 /3 VR-Default
Mgmt 4095 192.168.56.107 /24 ---------------------------- ANY 1 /1 VR-Mgmt
---------------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (I) Inter-Switch Connection VLAN for MLAG,
(k) PTP Configured, (l) MPLS Enabled, (L) Loopback Enabled,
(m) IPmc Forwarding Enabled, (M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled,
(Z) OpenFlow Enabled

Total number of VLAN(s) : 2
Summit-PC.8 # ping 192.168.56.1
Ping(ICMP) 192.168.56.1: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

--- 192.168.56.1 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms
Summit-PC.9 # ping vr vr-m 192.168.56.1
Ping(ICMP) 192.168.56.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 192.168.56.1: icmp_seq=0 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=1 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=2 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=3 ttl=64 time=0.000 ms

--- 192.168.56.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms

The Alternate IP address in the stack is in case the stack is divided in two where you would have two new stacks each with a master. The alternate IP will allow you to get to both stacks.

Thanks
P

hello ,

i would like to seek assistance on X450 : i am unable to access the switch after one of the switches were stacked. the switch i cant access is , i believe, the master stack switch.
i am unable to access the mgmt port even though it was configured with an ip address on the same subnet ( xxx.xxx.xxx.111 /21 ) as with vlan default.

hope i can hear from you
Thanks for the reply Paul. Whatever I did, I could not get the IP to respond by setting it on the Mgmt VLAN. With a stack, which switch management port is used as the primary by the stack, is it the master?
Userlevel 6
yes it is the Master switch. How were you connecting in the MGMT port to the network.

I see that the MGMT port was set xxx.xxx.xxx.xx4 is it able to ping anything on that subnet? Can you use fake IP Address and show me what the subnets are on your VLANs?

for example

Default 1 10.1.5.88 /26 -----------T----------- ANY 11/18 VR-Default
Internal 4092 10.3.4.2 /24 ----------------------- ANY 4 /5 VR-Default
iSCSI 4094 192.168.1.2 /24 ----------------------- ANY 3 /5 VR-Default
Mgmt 4095 192.168.10.4 /24 ----------------------- ANY 1 /1 VR-Mgmt
Unused 4091 ------------------------------------------- ANY 0 /38 VR-Default

Thanks
P
Hi Paul, I have just unconfigured the alternate IP and set the mgmt VLAN to the same IP and it is working now.

I had done exactly the same thing previously and it didn't work, no idea why it works now...

* Slot-1 ViralVPS.6 # ping vr vr-mgmt 8.8.8.8
Ping(ICMP) 8.8.8.8: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=24 ms
16 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=9.356 ms
16 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=6.981 ms
16 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=8.462 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 6/12/24 ms

Anyway, all seems well. Thanks for the help.
Userlevel 6
you're welcome
Hi Paul
can we change mgmt vlan id 4095 to 100 , is it possible?
Userlevel 5
I Agree with Paul, your initial configuration was correct. By default XOS forwards all pings out of VR-Default, so pinging an Interface connected to VR-Mgmt will return an error unless you explicitly tell the ping to point to VR-Mgmt.

And for your last question, No, you cannot change the tag on the Mgmt VLAN.

Reply