Extreme Networks

Michael_Goodlif · ‎03-05-2014

I need help with configuring external access to my Extreme stack. The stack consists of X450e-48p (master), X650-24x (secondary).

I need help with making the vlan IP accessable from the internet. I have tried everything and cannot get the switch to allow any traffic at all on these IPs. ping returns destination unreachable.

Here is my show vlan:
Slot-1 x.4 # show vlan
---------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------
Default 1 x.xx.xxx.88 /26 -----------T----------- ANY 11/18 VR-Default
Internal 4092 xx.x.x.2 /24 ----------------------- ANY 4 /5 VR-Default
iSCSI 4094 xx.x.xx.2 /24 ----------------------- ANY 3 /5 VR-Default
Mgmt 4095 xxx.xxx.xx.4 /24 ----------------------- ANY 1 /1 VR-Mgmt
Unused 4091 ------------------------------------------- ANY 0 /38 VR-Default

Ping returns nothing from within the switch:
Slot-1 x.5 # ping 8.8.8.8
Ping(ICMP) 8.8.8.8: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

--- 8.8.8.8 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms

The mgmt IP is inaccesable from the internet via all protocols; ssh, telnet and web. All of these protocols are enabled globally on the switch.

The iproutes for VR-Mgmt are:
Slot-1 x.7 # show iproute vr vr-mgmt
Ori Destination Gateway Mtr Flags VLAN Duration
#d xxx.xxx.xx.0/24 xxx.xxx.xx.4 1 U------um--f Mgmt 0d:7h:53m:29s

IP stats on the mgmt interface seem to be receiving packets, but not sending anything:
Slot-1 x.11 # show ipstats mgmt
Router Interface on VLAN Mgmt
inet xxx.xxx.xx.4 netmask 255.255.255.0 broadcast xxx.xxx.xx.255
Stats: IN OUT
37374 0 packets
3854762 0 octets
311 0 Mcast pkts
12183 0 Bcast pkts
0 0 errors
23153 0 discards
0 unknown protos

The router for my management IP can be pinged from my office connection:
Pinging xxx.xxx.xx.1 with 32 bytes of data:
Reply from xxx.xxx.xx.1: bytes=32 time=36ms TTL=249
Reply from xxx.xxx.xx.1: bytes=32 time=63ms TTL=249

However, from the switch it does not ping:
Slot-1 x.13 # ping xxx.xxx.xx.1
Ping(ICMP) xxx.xxx.xx.1: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

The same happens with the VR-Default vr. It's IP address is also inaccessable, however is accessable from servers connected to the Default vlan.

Any help would be greatly appreciated, I am at a loss as to how to get the management port accessable from the internet.

Thanks.

Michael_Goodlif · ‎03-06-2014

Hi Paul, I have just unconfigured the alternate IP and set the mgmt VLAN to the same IP and it is working now.

I had done exactly the same thing previously and it didn't work, no idea why it works now...

* Slot-1 ViralVPS.6 # ping vr vr-mgmt 8.8.8.8
Ping(ICMP) 8.8.8.8: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=24 ms
16 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=9.356 ms
16 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=6.981 ms
16 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=8.462 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 6/12/24 ms

Anyway, all seems well. Thanks for the help.

Paul_Russo · ‎03-06-2014

yes it is the Master switch. How were you connecting in the MGMT port to the network.

I see that the MGMT port was set xxx.xxx.xxx.xx4 is it able to ping anything on that subnet? Can you use fake IP Address and show me what the subnets are on your VLANs?

for example

Default 1 10.1.5.88 /26 -----------T----------- ANY 11/18 VR-Default
Internal 4092 10.3.4.2 /24 ----------------------- ANY 4 /5 VR-Default
iSCSI 4094 192.168.1.2 /24 ----------------------- ANY 3 /5 VR-Default
Mgmt 4095 192.168.10.4 /24 ----------------------- ANY 1 /1 VR-Mgmt
Unused 4091 ------------------------------------------- ANY 0 /38 VR-Default

Thanks
P

Michael_Goodlif · ‎03-06-2014

Thanks for the reply Paul. Whatever I did, I could not get the IP to respond by setting it on the Mgmt VLAN. With a stack, which switch management port is used as the primary by the stack, is it the master?

Paul_Russo · ‎03-06-2014

Hello Michael

I may be missing something but your initial setup should be correct I think the only thing you were missing was the VR statement in the Ping command

Summit-PC.7 # sh vlan
---------------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------------
Default 1 192.168.0.1 /24 ------------T--------------- ANY 1 /3 VR-Default
Mgmt 4095 192.168.56.107 /24 ---------------------------- ANY 1 /1 VR-Mgmt
---------------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) Dynamically created VLAN, (D) VLAN Admin Disabled,
(e) CES Configured, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (I) Inter-Switch Connection VLAN for MLAG,
(k) PTP Configured, (l) MPLS Enabled, (L) Loopback Enabled,
(m) IPmc Forwarding Enabled, (M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (v) VRRP Enabled, (V) VPLS Enabled, (W) VPWS Enabled,
(Z) OpenFlow Enabled

Total number of VLAN(s) : 2
Summit-PC.8 # ping 192.168.56.1
Ping(ICMP) 192.168.56.1: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable

--- 192.168.56.1 ping statistics ---
0 packets transmitted, 0 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms
Summit-PC.9 # ping vr vr-m 192.168.56.1
Ping(ICMP) 192.168.56.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 192.168.56.1: icmp_seq=0 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=1 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=2 ttl=64 time=0.000 ms
16 bytes from 192.168.56.1: icmp_seq=3 ttl=64 time=0.000 ms

--- 192.168.56.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 0/0/0 ms

The Alternate IP address in the stack is in case the stack is divided in two where you would have two new stacks each with a master. The alternate IP will allow you to get to both stacks.

Thanks
P

dr_strange · ‎03-06-2014

hello ,

i would like to seek assistance on X450 : i am unable to access the switch after one of the switches were stacked. the switch i cant access is , i believe, the master stack switch.
i am unable to access the mgmt port even though it was configured with an ip address on the same subnet ( xxx.xxx.xxx.111 /21 ) as with vlan default.

hope i can hear from you

Extreme Networks

Extreme stack no management access

Extreme stack no management access