IP connectivity
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-14-2016 10:23 AM
I am trying to connect switch using management port. The ip assigned to management port can be pinged but when i ping the default gateway it is not pingable.. that is switch is not reachable. Please tell me how to solve the problem.
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-17-2016 06:47 AM
It worked. Thanks Guys..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-17-2016 06:47 AM
Great news Danial and well done.
This is a pretty common stumbling block for folks with EXOS. In the interest of helping those in the future that may read this thread, how did you sort it out?
This is a pretty common stumbling block for folks with EXOS. In the interest of helping those in the future that may read this thread, how did you sort it out?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-14-2016 06:17 PM
To illustrate Daniel's comment:
if you ping an IP address without specifying the VR, you are in VR-Default (front panel ports).
if you do a download image on the same IP, still without specifying the VR, you are in VR-Mgmt.
So it is doable to ping a server (tftp) and not able to download if you are not paying attention to the VR.
I'd like to see a "show vlan", examples of your commands to ping and download image, and sh conf rtmgr.
if you ping an IP address without specifying the VR, you are in VR-Default (front panel ports).
if you do a download image on the same IP, still without specifying the VR, you are in VR-Mgmt.
So it is doable to ping a server (tftp) and not able to download if you are not paying attention to the VR.
I'd like to see a "show vlan", examples of your commands to ping and download image, and sh conf rtmgr.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-14-2016 03:35 PM
Some basics are in order here.
EXOS supports a Management Virtual Router (vr-mgmt)) to which ONLY the mgmt vlan and port belong. This can't be changed. It also supports a Default Virtual Router (vr-default) to which the the default vlan and all the front ports belong.
It is NOT POSSIBLE to pass traffic between vlans belonging to these two VR's. The whole point of having a separate dedicated mgmt port is security. In security-conscious environments (an ISP, for example) all management is done exclusively through a private vlan that can't be reached by public vlans and external customers. This separation is fundamental to avoid attacks to the switches. Another advantage is that if a denial-of-service attack is crippling the public vlans and ports, the manager still has a separate protected network to manage the switches and combat the DoS attack.
There are separate routing tables for each VR, each one containing a default route or static routes. If you are managing the switch through the management port, you must make sure there's a route from the management port IP address to the IP address of the FTP/TFTP server, or the workstations you are using to manage it, if they are in different subnets. You must also be careful because commands such as ping, tftp get/put, or upgrade allow to specify through which VR the command will communicate with the network.
EXOS supports a Management Virtual Router (vr-mgmt)) to which ONLY the mgmt vlan and port belong. This can't be changed. It also supports a Default Virtual Router (vr-default) to which the the default vlan and all the front ports belong.
It is NOT POSSIBLE to pass traffic between vlans belonging to these two VR's. The whole point of having a separate dedicated mgmt port is security. In security-conscious environments (an ISP, for example) all management is done exclusively through a private vlan that can't be reached by public vlans and external customers. This separation is fundamental to avoid attacks to the switches. Another advantage is that if a denial-of-service attack is crippling the public vlans and ports, the manager still has a separate protected network to manage the switches and combat the DoS attack.
There are separate routing tables for each VR, each one containing a default route or static routes. If you are managing the switch through the management port, you must make sure there's a route from the management port IP address to the IP address of the FTP/TFTP server, or the workstations you are using to manage it, if they are in different subnets. You must also be careful because commands such as ping, tftp get/put, or upgrade allow to specify through which VR the command will communicate with the network.
