Extreme Networks

Hi guys,

I need some input / ideas / confirmation from you. 🙂 

Given is the following:

• A Core-router (EXOS) at a remote location, with several interfaces with an IP-Address and ipforwarding enabled: e.g. Client-VLAN, Switch-Mgmt VLAN, Transfer-Net to the next router/firewall and so on
• some Access-switches conntected to that router, which only have one IP-Address (on the Switch-Mgmt VLAN)
• the Core-router is added to XMC with the IP-Address on the Switch-Mgmt VLAN. SSH-Access and SNMP is also done via this IP-Address/VLAN

Problem:

• Some things (like SCP, TFTP, Archive via XMC, SNTP...) can't be configured to use a specific source IP-address (for radius you can luckily configure this IP)
• the switch will use the IP-address of the interface where these packet egress the switch (in these cases the uplink to the next router/firewall)
• this ip-address is most likely not reachable from the headquarter where the XMC and other servers are located, because the transfer-nets are usually not needed to be routed. Firmware Update and Switch backup fails because of this

On EOS you could define a Management-Address, but for EXOS this is not possible. Afaik the only solution would be to use a different VR that is only used for the Switch-Mgmt VLAN and only has one IP-Address. Is this correct or is this also not the solution? 

So for a new router it's easy:

• switch must support routing between VRs (I think Edge-License is sufficient, but X620 and X440G2 don't support routing between VRs at all - right?)
• create new VR
• create Switch-Mgmt VLAN on this VR
• modify some scripts on XMC so that the switch uses this VR for backup / upgrade

For already existing routers it is a bit more complicated I guess:

• switch must support routing between VRs
• delete the existing Switch Mgmt-VLAN
• create new VR
• recreate the Switch Mgmt-VLAN on the new VR
• Add this VLAN to the Downlinks to the Access-Switches
  • For this you need to remove the Port from the VR because you can't add a VLAN with a different VR to a port with another VR (Why do ports even have VRs if VLANs also have a VR by default?)
  • to remove the Port from a VR you need to remove all VLANs from the Port (why 😞 )
• So: Remove all vlans on the downlinks, remove port VR, re-add all vlans
• modify scripts on XMC

Did I understand this correctly? Is there anything to improve on my procedure for existing routers? Can I avoid removing all VLANs from a Port in order to achieve my goal? On some locations there are dozens vlans on these ports.
And I also fear that I might cut myself from the router somehow… and then I’m fcked because the router are all over the world. 😄 

Best regards
Stefan