HPE Community
Aruba & ProVision-based
1753546 Members
5663 Online
108795 Solutions
New Discussion

Re: Using VLAN other than VLAN1 for ProCurve Management

 
SOLVED
Go to solution
fisherman_steve
Occasional Contributor

‎04-30-2013 01:27 AM

‎04-30-2013 01:27 AM

Using VLAN other than VLAN1 for ProCurve Management

i have a number of Procurce 2610's where everything is in the default VLAN.

Am in the process of implementing VLANs.

I am doing routing between VLANs on a Watchguard XTM Firebox which is working fine.

 

Current setup is:

VLAN 1  IP 192.168.30.1/16  (Yes, everything is /16 !!)

Interface 47 goes to the Watchguard and is untagged.

 

VLAN 30 (New mgmnt VLAN) IP 10.122.30.4/24

Interface 4 goes to the Watchguard and is tagged on the switch & the Watchguard.

From a client (192.168.1.253/16) I can PING and SSH to VLAN1 (192.168.30.1) all ok.

From the same client, I can PING 10.122.30.4 ok but am unable to SSH.  Using puTTY it opens up the window then after a while comes back with "Network error: Software caused connection abort".

 

I have tried untagging 4 in VLAN 30 and marking this VLAN as untagged on the Watchguard but get exactly the same results.

 

What am I missing - I assume the management VLAN can be tagged?

 

 

0 Kudos
2 REPLIES 2
Richard Brodie_1
Honored Contributor

‎04-30-2013 08:57 AM

‎04-30-2013 08:57 AM

Re: Using VLAN other than VLAN1 for ProCurve Management

Not doing 'management-vlan VLAN-ID', perhaps?

0 Kudos
fisherman_steve
Occasional Contributor

‎04-30-2013 09:35 AM

‎04-30-2013 09:35 AM

Solution

Re: Using VLAN other than VLAN1 for ProCurve Management

Hi Richard, thanks for the reply.

 

I have managed to get it working late this afternoon after days of frustration.

I'm still not sure why it would'nt work though.

 

What I have done is disconnect the cable that carried the untagged VLAN1 traffic to the Watchguard (192.168.0.0/16) and route that traffic as untagged on the other cable to the Watchguard.  So now all traffic (both tagged and untagged) is down thae same cable. This did not make any difference.

 

I then removed the IP Address from VLAN1 and hey presto, I could SSH and HTTP to the new management vlan on 10.122.30.4 from a server on the 192.168.0.0/16 subnet (vlan1).

 

Any ideas as to why having an IP address on VLAN1 prevents SSH/HTTP connections to other VLANS with Ip addresses?

 

 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.