https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93487#M1947 <P>Robert,</P><P>You either use mgmt VLAN or mgmt CLIP.</P><P>If you use CLIP, there is no need to add a VLAN on the firewall, just a route would be needed (+ security policies).</P><P>Be carefull with Natting mgmt interface because it is the one used for Radius and XIQ-SE snmp communication.</P><P>You can also work with the same mgmgt VLAN for all your switches but again, the NATting could cause trouble with Radius and XIQ-SE snmp communication.</P><P>&nbsp;</P><P>Mig</P> Mon, 24 Oct 2022 07:22:25 GMT Miguel-Angel_RO 2022-10-24T07:22:25Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93474#M1946 <P>Hello,</P><P>If the general rule is to use CLIP as management interface for Fabric Engine with Segmented Management Interface when using L3 BEB or L3 non-fabric how can a connection be established using a NAT enabled Firewall?</P><P>Would we add a Mgmt VLAN and add it to the uplink to the Firewall so that it can be NATd?</P><P>I think this is the only option and would allow access to the CPU using a mgmt VLAN. We can have multiple management interfaces after all. With L3 enabled switch the mgmt VLAN would not be accessible from other local VLAN IP interfaces.</P><P>Thanks,</P><P>Rob</P> Fri, 21 Oct 2022 16:10:30 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93474#M1946 RobertD1 2022-10-21T16:10:30Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93487#M1947 <P>Robert,</P><P>You either use mgmt VLAN or mgmt CLIP.</P><P>If you use CLIP, there is no need to add a VLAN on the firewall, just a route would be needed (+ security policies).</P><P>Be carefull with Natting mgmt interface because it is the one used for Radius and XIQ-SE snmp communication.</P><P>You can also work with the same mgmgt VLAN for all your switches but again, the NATting could cause trouble with Radius and XIQ-SE snmp communication.</P><P>&nbsp;</P><P>Mig</P> Mon, 24 Oct 2022 07:22:25 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93487#M1947 Miguel-Angel_RO 2022-10-24T07:22:25Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93498#M1948 <P>Thanks Mig</P> Mon, 24 Oct 2022 12:40:08 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/fabric-engine-with-mgmt-clip-and-nat-firewall/m-p/93498#M1948 RobertD1 2022-10-24T12:40:08Z