Header Only - DO NOT REMOVE - Extreme Networks

SSH and Web management acces of switch from LAN


Hi there,

I'm new to ExtremeOS, im trying to setup SSH and Web management of an X450a-24t.
I have given the mgmt vlan an ip address.
And i have created a new vlan, vlan 4094 (ManagementVLAN) an ipaddress.
But i cant access either from the lan.

Can help with a step by step guide on how to configure this correctly?

Here is a screen grab of my vlan config.

---------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------
Default 1 --------------------------------T------------ ANY 0 /26 VR-Default
ManagementVLAN 4094 --------------------------------------------- ANY 0 /0 VR-Default
Mgmt 4095 192.168.155.4 /16 ------------------------- ANY 1 /1 VR-Mgmt
---------------------------------------------------------------------------------------

Many thanks,

Peter

10 replies

Hi Peter,

A couple notes:

  • The Mgmt vlan is only the mgmt port on the front of the switch.
  • There are no ports in the "ManagementVLAN"
  • To add a port to "ManagementVLAN" use the following command "configure managementvlan add port "
  • The Mgmt vlan is a separate, dedicated, vlan that is intended for out-of-band management of the switch, and doesn't allow IP communication to the rest of the vlans on the switch.
Thanks
Brad
Userlevel 6
Hello Peter,

I think this article might be a good place to start:

Getting IP connectivity on a EXOS switch

Please understand that the Mgmt VLAN is a port by itself and cannot communicate with anything else on the switch.
Userlevel 3
HI Peter,

From the output provided it appears that the "ManagementVLAN" does not have any ports added (ports active 0 out of total 0). The "Mgmt" VLAN has the MGMT port active and the IP address is assigned to it. How is your MGMT port connected to your network environement? Did you setup a Default Gateway on the switch? Have you tried to ping 192.168.155.4 or ping from the switch to your PC/host?

Thanks,
Andrew
Hi there,

Thanks for your replies.

I have not set a DG, I am connecting directly to the management port on a pc with an IP address in the same subnet as the management port.

I have added port one of the switch using the command configure managementvlan add port 1 tagged when I connect a pc to that port and try and ping either of the 2 ip addresses on the VLANs I get no reply. I have set 192.168.155.10/16 as the IP of the pc.

Any ideas where I am going wrong?
Userlevel 6
A PC typically can't pass tagged traffic. Try changing it to untagged and see if it starts working.
im still struggling with this.
When I untag and add a port into the managemenvlan the i can access the SSH and web management of the switch.

What i amtrying to do is be able to managethe switch from another vlan.

i have created a data vlan now, added ip's to the all the vlans, added all the ports as untagged to data vlan now. I have a static ip address set on the pc, 192.168.155.10/16 no gateway.

Here is the VLAn info:-
---------------------------------------------------------------------------------------
Data 100 192.168.155.4 /16 -f----------------------- ANY 1 /26 VR-Default
Default 1 10.10.30.10 /24 -f----------------------- ANY 0 /0 VR-Default
ManagementVLAN 99 10.10.20.10 /24 -f----------------------- ANY 0 /0 VR-Default
Mgmt 4095 10.10.10.10 /24 ------------------------- ANY 0 /1 VR-Mgmt
---------------------------------------------------------------------------------------
I can ping and get a response from the 192.168.155.4 ip address.

i have enabled ip forwarding on all vlans but i still cant manage the switch for the data lan.

Can you give me a clue as to where i am going wrong?

Many thanks.
Userlevel 6
The ports are not added into the other VLANs. The VLANs will not become active unless there is an active port added to them.
Also, did you "enable web http/https"?
Hi yes enable web http has been run.

So do i just need to add all of the ports as tagged into the other valns then?
Userlevel 6
Hello Peter,

This is difficult to say. The ports and VLAN assignment is part of the design of the network. The tagging is used to send traffic L2 across VLANs with a common link. This way the other side (Ie. another switch, typically) can know what VLAN that traffic is associated with. You can only have one VLAN untagged per port.

Reply