This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (Other)
- RE: Two X440 stacked random access to management
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Two X440 stacked random access to management
Two X440 stacked random access to management
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-01-2017 11:11 AM
Hello
I'm quite new to Extreme and have yet some limited knowledge about XOS.
But the story is that i have replaced our core router (X440-24t) with two "new" X440-24t in stack.
Firmware version 16.2.2.4 as Extreme recommends for the X440.
I have copied most of the configuration from the old one.
Management port connected with cable to switch port 1:1 with untagged VLAN401
I did run the stack config-guide-thingie and it went wonderful, and at the lab where i set them up it worked perfectly.
I have it set them to act as router for 3 ip ranges.
But when i moved the switches to the server room i began to get random access to the mgmt interface. Tho all traffic to and from configured VLANs are working perfect.
After a lot of troubleshooting i noticed that i can access the mgmt-cli via our external IP's that i have configured in the switch, now, i thought this was not possible after reading a lot on vr-mgmt access.
I have also random access for outgoing traffic from vr-mgmt to any, basically, for ex. ping google it works sometime but most of the time it does not.
But when i access SSH thru our external IP i get no errors or disconnect from cli as i get when connected thru the internal IP i have setup on the mgmt vlan.
I can access the mgmt-cli thru any of the VLAN105X ip addresses.
Now, what have i done wrong?
Config:
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-24,2:1-24
configure vr VR-Default add ports 1:1-24,2:1-24
configure vlan default delete ports 1:1-24,2:1-24
enable jumbo-frame ports all
configure vman ethertype 0x8100 secondaryconfigure iproute add default 172.16.254.1 vr VR-Mgmt
configure iproute add default xx.xxx.88.93
configure vlan Mgmt ipaddress 172.16.254.254 255.255.255.0 configure vlan WAN ipaddress xx.xxx.88.94 255.255.255.252 enable ipforwarding vlan WAN configure vlan VLAN1052 ipaddress xx.xxx.60.193 255.255.255.224 enable ipforwarding vlan VLAN1052 configure vlan VLAN1053 ipaddress xxx.xxx.115.129 255.255.255.240 enable ipforwarding vlan VLAN1053 configure vlan VLAN1054 ipaddress xxx.xxx.115.145 255.255.255.240 enable ipforwarding vlan VLAN1054 configure vlan VLAN1055 ipaddress xxx.xxx.115.161 255.255.255.224 enable ipforwarding vlan VLAN1055
I also noticed that when im doing an arping from an linux machine i get this
# arping -D -I ens32 -c 6 172.16.254.254
ARPING 172.16.254.254 from 0.0.0.0 ens32
Unicast reply from 172.16.254.254 [00:04:96:98:04:B6] 0.904ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
# arping -I ens32 -c 2 172.16.254.254
ARPING 172.16.254.254 from 172.16.254.41 ens32
Unicast reply from 172.16.254.254 [02:04:96:6D:59:9B] 0.916ms
Sent 2 probes (1 broadcast(s))
Received 1 response(s)
and on the switch i get this from iparp
# sh iparp vr "VR-Mgmt"
VR Destination Mac Age Static VLAN VID Port
VR-Mgmt 172.16.254.41 00:50:56:b6:ac:1e 2 NO Mgmt 4095
Dynamic Entries : 6 Static Entries : 0
Pending Entries : 1
In Request : 15389 In Response : 1671
Out Request : 30438 Out Response : 3924
Failed Requests : 4656
Proxy Answered : 3913
Rx Error : 0 Dup IP Addr : 172.16.254.254
Rejected Count : 307 Rejected IP : 172.16.254.41
Rejected Port : Rejected I/F :
Max ARP entries : 4096 Max ARP pending entries : 256
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
Locktime : 1000 milliseconds
Retransmit Time : 1000 milliseconds
Reachable Time : 900000 milliseconds (Auto)
Fast Convergence : Off
I'm going mad soon
I'm quite new to Extreme and have yet some limited knowledge about XOS.
But the story is that i have replaced our core router (X440-24t) with two "new" X440-24t in stack.
Firmware version 16.2.2.4 as Extreme recommends for the X440.
I have copied most of the configuration from the old one.
Management port connected with cable to switch port 1:1 with untagged VLAN401
I did run the stack config-guide-thingie and it went wonderful, and at the lab where i set them up it worked perfectly.
I have it set them to act as router for 3 ip ranges.
But when i moved the switches to the server room i began to get random access to the mgmt interface. Tho all traffic to and from configured VLANs are working perfect.
After a lot of troubleshooting i noticed that i can access the mgmt-cli via our external IP's that i have configured in the switch, now, i thought this was not possible after reading a lot on vr-mgmt access.
I have also random access for outgoing traffic from vr-mgmt to any, basically, for ex. ping google it works sometime but most of the time it does not.
But when i access SSH thru our external IP i get no errors or disconnect from cli as i get when connected thru the internal IP i have setup on the mgmt vlan.
I can access the mgmt-cli thru any of the VLAN105X ip addresses.
Now, what have i done wrong?
Config:
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-24,2:1-24
configure vr VR-Default add ports 1:1-24,2:1-24
configure vlan default delete ports 1:1-24,2:1-24
enable jumbo-frame ports all
configure vman ethertype 0x8100 secondaryconfigure iproute add default 172.16.254.1 vr VR-Mgmt
configure iproute add default xx.xxx.88.93
configure vlan Mgmt ipaddress 172.16.254.254 255.255.255.0 configure vlan WAN ipaddress xx.xxx.88.94 255.255.255.252 enable ipforwarding vlan WAN configure vlan VLAN1052 ipaddress xx.xxx.60.193 255.255.255.224 enable ipforwarding vlan VLAN1052 configure vlan VLAN1053 ipaddress xxx.xxx.115.129 255.255.255.240 enable ipforwarding vlan VLAN1053 configure vlan VLAN1054 ipaddress xxx.xxx.115.145 255.255.255.240 enable ipforwarding vlan VLAN1054 configure vlan VLAN1055 ipaddress xxx.xxx.115.161 255.255.255.224 enable ipforwarding vlan VLAN1055
I also noticed that when im doing an arping from an linux machine i get this
# arping -D -I ens32 -c 6 172.16.254.254
ARPING 172.16.254.254 from 0.0.0.0 ens32
Unicast reply from 172.16.254.254 [00:04:96:98:04:B6] 0.904ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
# arping -I ens32 -c 2 172.16.254.254
ARPING 172.16.254.254 from 172.16.254.41 ens32
Unicast reply from 172.16.254.254 [02:04:96:6D:59:9B] 0.916ms
Sent 2 probes (1 broadcast(s))
Received 1 response(s)
and on the switch i get this from iparp
# sh iparp vr "VR-Mgmt"
VR Destination Mac Age Static VLAN VID Port
VR-Mgmt 172.16.254.41 00:50:56:b6:ac:1e 2 NO Mgmt 4095
Dynamic Entries : 6 Static Entries : 0
Pending Entries : 1
In Request : 15389 In Response : 1671
Out Request : 30438 Out Response : 3924
Failed Requests : 4656
Proxy Answered : 3913
Rx Error : 0 Dup IP Addr : 172.16.254.254
Rejected Count : 307 Rejected IP : 172.16.254.41
Rejected Port : Rejected I/F :
Max ARP entries : 4096 Max ARP pending entries : 256
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
Locktime : 1000 milliseconds
Retransmit Time : 1000 milliseconds
Reachable Time : 900000 milliseconds (Auto)
Fast Convergence : Off
I'm going mad soon
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-01-2017 11:18 AM
Hello Magnus,
At first glance it looks like a duplicate IP. The arping output is showing 00:04:96:98:04:B6 and 02:04:96:6D:59:9B. These are both Extreme Switches. The one starting with 02 is a stack mac address. Can you confirm what the other switch is? It may be one of the nodes in the stack. You should be able to find this with the "show stacking detail" output if you want to paste it in here.
At first glance it looks like a duplicate IP. The arping output is showing 00:04:96:98:04:B6 and 02:04:96:6D:59:9B. These are both Extreme Switches. The one starting with 02 is a stack mac address. Can you confirm what the other switch is? It may be one of the nodes in the stack. You should be able to find this with the "show stacking detail" output if you want to paste it in here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-01-2017 11:18 AM
Hi
both mac belong to stack-1
# sh stacking detail
Stacking Node 00:04:96:98:04:b6 information:
Current:
Stacking : Enabled
Role : Master
Priority : Automatic
Slot number : 1
Stack state : Active
Master capable? : Yes
Stacking protocol : Enhanced
License level restriction :
In active topology? : Yes
Factory MAC address : 00:04:96:98:04:b6
Stack MAC address : 02:04:96:6d:59:9b
Alternate IP address :
Alternate gateway :
Stack Port 1:
State : Link down
Blocked? : No
Control path active? : No
Stack Port 2:
State : Operational
Blocked? : No
Control path active? : Yes
Configured:
Stacking : Enabled
Master capable? : Yes
Slot number : 1
Stack MAC address : 02:04:96:6d:59:9b
Stacking protocol : Enhanced
License level restriction :
both mac belong to stack-1
# sh stacking detail
Stacking Node 00:04:96:98:04:b6 information:
Current:
Stacking : Enabled
Role : Master
Priority : Automatic
Slot number : 1
Stack state : Active
Master capable? : Yes
Stacking protocol : Enhanced
License level restriction :
In active topology? : Yes
Factory MAC address : 00:04:96:98:04:b6
Stack MAC address : 02:04:96:6d:59:9b
Alternate IP address :
Alternate gateway :
Stack Port 1:
State : Link down
Blocked? : No
Control path active? : No
Stack Port 2:
State : Operational
Blocked? : No
Control path active? : Yes
Configured:
Stacking : Enabled
Master capable? : Yes
Slot number : 1
Stack MAC address : 02:04:96:6d:59:9b
Stacking protocol : Enhanced
License level restriction :
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-01-2017 11:15 AM
In short, don't do it this way 🙂
The mgmt port is for true out-of-band management and shouldn't be connected back into the same switch.
Take a look at the discussion in this thread: https://community.extremenetworks.com/extreme/topics/recommendation-for-configuration-of-management-...
The mgmt port is for true out-of-band management and shouldn't be connected back into the same switch.
Take a look at the discussion in this thread: https://community.extremenetworks.com/extreme/topics/recommendation-for-configuration-of-management-...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-01-2017 11:15 AM
The mgmt VLAN in the switch is dedicated for the management port. It is separate to the rest of the ports and they will not mix. Any of the created VLAN IPs can be used to manage the switch.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-01-2017 11:15 AM
Thank you
If i understand this correctly, i just need to set an IP on VLAN401 (it our mgmt vlan) and then i can manage the switch without connection to the management port?
If i understand this correctly, i just need to set an IP on VLAN401 (it our mgmt vlan) and then i can manage the switch without connection to the management port?
