
Secure Management vlan and routing

 
Packet-Ghost
Occasional Advisor


Hi,

 

I've been reading about the Secure Management VLAN and we are looking to implement it on our 5406zls.

 

I have a question about routing related to this. Today we have a network 10.99.10.0/24 for network devices. A 5406zl has an address in this network - 10.99.10.10 - let's call it SwitchA.

 

SwitchA also acts as a router and has several other networks attached, like 10.99.192.0/24.

 

The default router for 10.99.10.0/24 is a firewall 10.99.10.1.

 

On the network 10.99.10.0 we also have several other devices like routers, switches, SAN controllers etc.

 

Today - if I have a management station in the 10.99.192.0 network (let's call it 10.99.192.20) and I want to go to a device on 10.99.10.0 then SwitchA will route the packet to the correct network.

 

BUT - if I implement the Secure Management VLAN feature, then 10.99.10.0 will be excluded from routing. What happens to packets arriving at the router destined for the secured management VLAN network? Can I create another route to this network? Will it be forwarded to the default gateway or will it simply be dropped? If I simply add "ip route 10.99.10.0 255.255.255.0  some-other-router" - what will happen?

 

If I want to go from 10.99.192.20 to 10.99.10.55, what will SwitchA do with the packet when 10.99.10.0/24 is the Secure Management VLAN?

 

Does anyone know?

 

 

Chrisd131313
Trusted Contributor

Re: Secure Management vlan and routing

Hi Packet-Ghost,

 

My understanding is that whichever switch you use to try to route to the management VLAN will drop the packets.

 

If you use a router outside of the HP switches that has a trunked port, and the management VLAN is a member of that trunk port, then you could be able to route to it, but then you're negating the whole point of a management VLAN :)

 

 

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.