05-14-2018 03:39 AM
Management VLAN - HP STACK
Hello,
I’ve built an HP stack (1x Aruba 2920 48 port + 3x Aruba 2920 24 port) with several VLANs. Everything works fine except one thing. I want to create a VLAN that can access all other VLANs.
I created VLAN70 to be the management VLAN. I set up some access lists, but it doesn’t seem to work as I assumed it would.
When I give myself an IP address in VLAN70 I’m only able to manage other VLANs when they are physically connected to the same switch I am.
Does anyone have an idea how to get this done?
Thanks in Advance.
Michel
Config:
stacking
member 1 type "J9727A" mac-address d06726-8ea500
member 2 type "J9729A" mac-address 98f2b3-fa1280
member 3 type "J9727A" mac-address d06726-8ee080
member 4 type "J9727A" mac-address d06726-8ffcc0
exit
hostname "Stack-Test"
aruba-central disable
no rest-interface
telnet-server listen data
web-management listen data
ip access-list extended "vlan20-acl"
1 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3389
2 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3389
3 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 445
9 permit ip 172.16.20.0 0.0.0.255 172.16.10.215 0.0.0.255
10 deny ip 172.16.20.0 0.0.0.255 172.16.10.0 0.0.0.255
11 deny ip 172.16.20.0 0.0.0.255 172.16.30.0 0.0.0.255
12 deny ip 172.16.20.0 0.0.0.255 172.16.50.0 0.0.0.255
13 deny ip 172.16.20.0 0.0.0.255 172.16.60.0 0.0.0.255
14 deny ip 172.16.20.0 0.0.0.255 172.16.40.0 0.0.0.255
20 permit ip 172.16.20.0 0.0.0.255 10.0.0.10 0.0.0.255
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "vlan40-acl"
1 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3389
2 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3389
3 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 445
9 permit ip 172.16.40.0 0.0.0.255 172.16.70.0 0.0.0.255
10 deny ip 172.16.40.0 0.0.0.255 172.16.10.0 0.0.0.255
11 deny ip 172.16.40.0 0.0.0.255 172.16.20.0 0.0.0.255
12 deny ip 172.16.40.0 0.0.0.255 172.16.30.0 0.0.0.255
13 deny ip 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255
14 deny ip 172.16.40.0 0.0.0.255 172.16.60.0 0.0.0.255
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "vlan50-acl"
20 permit ip 172.16.50.0 0.0.0.255 10.0.0.1 0.0.0.255
exit
ip access-list extended "vlan70-acl"
10 permit ip 172.16.70.0 0.0.0.255 172.16.10.0 0.0.0.255
20 permit ip 172.16.70.0 0.0.0.255 172.16.40.0 0.0.0.255
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip authorized-managers 172.16.70.215 255.255.255.255 access manager
ip authorized-managers 10.0.0.10 255.255.255.255 access manager
ip authorized-managers 172.16.10.215 255.255.255.255 access manager
ip default-gateway 10.0.0.10
ip ssh listen data
ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip routing
interface 2/17
speed-duplex auto-100
exit
interface 3/14
speed-duplex auto-100
exit
snmp-server community "public" unrestricted
snmp-server listen data
oobm
disable
no ip address
member 1
ip address dhcp-bootp
exit
member 2
ip address dhcp-bootp
exit
member 3
ip address dhcp-bootp
exit
member 4
ip address dhcp-bootp
exit
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1/1-1/24,2/1-2/48,3/1-3/24,4/1-4/24
ip address 172.16.1.254 255.255.255.0
exit
vlan 2
name "ROUTER"
untagged 2/48
ip address 10.1.0.254 255.255.255.0
exit
vlan 3
name "SERVER"
untagged 2/45-2/47
ip access-group "vlan3-acl" vlan-in
ip address 10.0.0.254 255.255.255.0
exit
vlan 10
name "DATA"
untagged 1/1-1/8,2/1-2/18,3/1-3/8,4/1-4/8
tagged 2/46
ip address 172.16.10.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 15
name "WIFI"
untagged 1/21-1/22,3/21-3/22,4/21-4/22
tagged 2/39-2/40,2/46
ip address 172.16.15.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 20
name "TELEFONIE"
untagged 1/9-1/14,2/19-2/24,3/9-3/14,4/9-4/14
tagged 2/46
ip access-group "vlan20-acl" vlan-in
ip address 172.16.20.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 30
name "AUDIO"
untagged 1/23-1/24,3/23-3/24,4/23-4/24
tagged 2/46
ip address 172.16.30.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 40
name "TOEGANG"
untagged 1/15-1/20,2/25-2/38,3/15-3/20,4/15-4/20
tagged 1/21-1/22,2/39-2/40,2/46,3/21-3/22,4/21-4/22
ip access-group "vlan40-acl" vlan-in
ip address 172.16.40.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 50
name "WIFI GASTEN"
untagged 2/39-2/40
tagged 1/21-1/22,2/46,3/21-3/22,4/21-4/22
ip access-group "vlan20-acl" vlan-in
ip address 172.16.50.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 60
name "DIVERSEN"
untagged 2/41-2/42
tagged 2/46
ip address 172.16.60.254 255.255.255.0
ip helper-address 10.0.0.10
exit
vlan 70
name "MANAGEMENT"
untagged 2/43-2/44
ip access-group "vlan70-acl" vlan-in
ip address 172.16.70.254 255.255.255.0
ip helper-address 10.0.0.10
exit
no tftp server
tftp server listen data
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
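ACLs on these switches are evaluated top-down, the first matching entry wins, and the masks are wildcard masks (a 1 bit means "don't care"). The following is an added example, not part of the original post: it parses a subset of the IP-only entries copied from "vlan20-acl" above, reports which entry a given packet hits, and lists entries that an earlier entry fully covers. The function names are this example's own.

```python
import ipaddress
import re

# Entries copied from "vlan20-acl" in the post above (IP-only subset).
VLAN20_ACL = """\
9 permit ip 172.16.20.0 0.0.0.255 172.16.10.215 0.0.0.255
10 deny ip 172.16.20.0 0.0.0.255 172.16.10.0 0.0.0.255
20 permit ip 172.16.20.0 0.0.0.255 10.0.0.10 0.0.0.255
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""
ACE = re.compile(r"(\d+) (permit|deny) ip (\S+) (\S+) (\S+) (\S+)$")

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(text):
    """Return [(seq, action, (src, src_wild), (dst, dst_wild))] as integers."""
    aces = []
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m:
            seq, action, s, sw, d, dw = m.groups()
            aces.append((int(seq), action, (_int(s), _int(sw)), (_int(d), _int(dw))))
    return aces

def _hit(pattern, addr):
    base, wild = pattern
    care = ~wild & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (base & care) == (addr & care)

def first_match(aces, src, dst):
    """First matching ACE wins; no match falls to the implicit deny."""
    for seq, action, s, d in aces:
        if _hit(s, _int(src)) and _hit(d, _int(dst)):
            return seq, action
    return None, "deny"

def _covers(a, b):  # True if pattern a matches every address pattern b matches
    care = ~a[1] & 0xFFFFFFFF
    return (b[1] & care) == 0 and (a[0] & care) == (b[0] & care)

def shadowed(aces):
    """Return [(later_seq, earlier_seq)] for ACEs an earlier ACE fully covers."""
    out = []
    for i, (seq, _, s, d) in enumerate(aces):
        hit = next((e[0] for e in aces[:i] if _covers(e[2], s) and _covers(e[3], d)), None)
        if hit is not None:
            out.append((seq, hit))
    return out
```

On the copied entries, `shadowed(parse(VLAN20_ACL))` reports that entry 10 can never match, because the 0.0.0.255 wildcard on entry 9 already covers all of 172.16.10.x rather than the single host 172.16.10.215.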
05-14-2018 08:13 PM
Re: Management VLAN - HP STACK
Firstly, do a "show stacking" to make sure your stack is OK.
Then, please explain what you mean by "manage other VLANs" - what connectivity is failing, and what are the full IP addressing details of the relevant hosts.
05-15-2018 12:41 AM
Re: Management VLAN - HP STACK
Thank you for your reply!
Stack-Test# sh stacking
Stack ID : 010098f2-b3fa1280
MAC Address : d06726-8ea523
Stack Topology : Ring
Stack Status : Active
Split Policy : One-Fragment-Up
Uptime : 69d 12h 14m
Software Version : WB.16.02.0012
Mbr
ID Mac Address Model Pri Status
--- ------------- -------------------------------------- --- ---------------
1 d06726-8ea500 HP J9727A 2920-24G-PoE+ Switch 128 Standby
2 98f2b3-fa1280 HP J9729A 2920-48G-POE+ Switch 128 Member
3 d06726-8ee080 HP J9727A 2920-24G-PoE+ Switch 128 Commander
4 d06726-8ffcc0 HP J9727A 2920-24G-PoE+ Switch 128 Member
For example:
VLAN 20 = VOIP
VLAN 40 = Access (Doors etc..)
I want to be able to access all of the IP addresses in these VLANs. But somehow I am only able to access the clients (IP addresses) that are connected to the same physical switch I am. (I can ping the gateway of every VLAN.) But the weird thing is, I can access all IP addresses in the same VLAN I am in.
I just want to be able to access all network devices in the network (different VLANs) from one specified network (VLAN 70 172.16.70.x).
I hope this makes it clearer.
Regards, Michel
05-16-2018 09:36 PM
Re: Management VLAN - HP STACK
What are the IP addressing details (including default gateway and subnet mask) of the two devices that cannot communicate?