This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Users on the User vlan that I configured can not access the Mgmt vlan to administer the switch, how do configure them do be able to do so?

Users on the User vlan that I configured can not access the Mgmt vlan to administer the switch, how do configure them do be able to do so?

Nieko_Adams
New Contributor

‎01-08-2015 03:12 PM

Users on the User vlan that I configured can not access the Mgmt vlan to administer the switch, how do configure them do be able to do so? Do I just create a static route from the User vlan to the Mgmt Vlan? or do I configure an ACL or something? I need to know the best way to go about this.

All help and advice is appreciated. Let me know if any clarification is needed.

Thanks!

Nieko Adams
0 Kudos
3 REPLIES 3

dflouret
Extreme Employee

‎01-09-2015 12:30 PM

Nieko,

The management vlan (mgmt) and the user vlans (default and any user-created vlans) reside in different virtual routers (VR-MGMT and VR-DEFAULT). There is no possible connection between these two VRs. So you can't get to the mgmt IP unless you are in the mgmt vlan.

As Robert told you, you can manage a switch through any vlan that has an IP address (unless you restrict it). You don't have to be in the same vlan, as long as you have a route to that IP address

Service Providers don´t like this because they don't want customers to be able to manage the switch, so they usually configure it to allow management only through the mgmt vlan/port.

Having a separate and isolated management network also allows you to manage the switch if the user vlans have communications problems (broadcast storms, loops in the network, etc). For this to work, the management network must be completely separated from the user network.

Nothing prevents you from having both types of access. NetSight connects to the switches through the mgmt vlan, and administrators open CLI sessions through the user vlans. This way NetSight keeps in touch with the switches, even if you can't access them because of network problems.

0 Kudos

rbrt
Contributor

‎01-09-2015 07:28 AM

The other solution would be to just move the management IP to the user VLAN, if that is suitable for your environment (e.g. no dedicated mgmt network).
0 Kudos

PARTHIBAN_CHINN
Contributor

‎01-08-2015 03:36 PM

VR Default and VR MGMT cant route between them .
You should have a setup as below

cfa61be4e1d946ccbcc5561fc1f8a14e_RackMultipart20150108-24579-d1h9v-colour_inline.png



0 Kudos
GTM-P2G8KFN