HPE Community
Switches, Hubs, and Modems
1753371 Members
4836 Online
108792 Solutions
New Discussion юеВ

Re: Management VLAN Questions - stuck

 
SOLVED
Go to solution
psycho.chicken
Regular Advisor

тАО01-17-2007 05:56 AM

тАО01-17-2007 05:56 AM

Management VLAN Questions - stuck

OK...

So right now my switches are set up great

See they attatched pic for a physical rep of how they are.

I can be logged into (through serial console) the primary 5406 10.3.100.1
I can ping 10.3.100.5 .91 .92 etc.. all my other switches...

BUT when i try to telnet 10.3.100.91 (one of the 2900's) it craps out... drops my right back the the 5406 i'm on.

I know i'm missing something but what...

I have the trunks tagged with vlan190-m (management vlan)

below are teh configs from teh primary 5406 and one of the 2900's

Please advise.

-A


-------------- 5406 ----------

; J8697A Configuration Editor; Created on release #K.11.63

hostname "WA_5400_pri"
snmp-server contact "Systems"
snmp-server location "Renton_Server_Room"
max-vlans 25
module 1 type J8702A
module 2 type J8702A
trunk A1,B1 Trk1 LACP
trunk A2,B2 Trk2 LACP
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "vlan1-d"
untagged A3-A24,B3-B24
ip address 10.3.100.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 10
name "vlan10-d"
ip helper-address 10.3.0.70
ip address 10.3.10.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 20
name "vlan20-d"
ip helper-address 10.3.0.70
ip address 10.3.20.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 30
name "vlan30-d"
ip helper-address 10.3.0.70
ip address 10.3.30.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 40
name "vlan40-d"
ip helper-address 10.3.0.70
ip address 10.3.40.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 50
name "vlan50-d"
ip helper-address 10.3.0.70
ip address 10.3.50.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 90
name "vlan90-d"
ip helper-address 10.3.0.70
ip address 10.3.0.200 255.255.255.0
tagged Trk1-Trk2
exit
vlan 60
name "vlan60-d"
ip helper-address 10.3.0.70
ip address 10.3.60.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 70
name "vlan70-d"
ip helper-address 10.3.0.70
ip address 10.3.70.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 80
name "vlan80-d"
ip helper-address 10.3.0.70
ip address 10.3.80.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 110
name "vlan110-v"
ip helper-address 10.3.0.70
ip address 10.3.110.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 120
name "vlan120-v"
ip helper-address 10.3.0.70
ip address 10.3.120.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 130
name "vlan130-v"
ip helper-address 10.3.0.70
ip address 10.3.130.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 140
name "vlan140-v"
ip helper-address 10.3.0.70
ip address 10.3.140.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 150
name "vlan150-v"
ip helper-address 10.3.0.70
ip address 10.3.150.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 160
name "vlan160-v"
ip helper-address 10.3.0.70
ip address 10.3.160.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 170
name "vlan170-v"
ip helper-address 10.3.0.70
ip address 10.3.170.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 180
name "vlan180-v"
ip helper-address 10.3.0.70
ip address 10.3.180.1 255.255.255.0
tagged Trk1-Trk2
exit
vlan 190
name "vlan190-m"
ip address 10.3.190.1 255.255.255.0
tagged Trk1-Trk2
exit
ip authorized-managers 10.3.0.0 255.255.0.0
primary-vlan 190
management-vlan 190
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree force-version RSTP-operation
password manager

-------------- 2900_02 ---------

; J9050A Configuration Editor; Created on release #T.11.12

hostname "WA_2900_02"
snmp-server contact "Systems"
max-vlans 25
module 3 type J90XXA
trunk 1-2 Trk1 LACP
trunk 3-4 Trk2 LACP
ip default-gateway 10.3.100.1
snmp-server community "public" Unrestricted
vlan 1
name "vlan1-d"
ip address 10.3.100.92 255.255.255.0
tagged A1-A4,Trk1-Trk2
no untagged 5-48
exit
vlan 10
name "vlan10-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 20
name "vlan20-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 30
name "vlan30-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 40
name "vlan40-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 50
name "vlan50-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 90
name "vlan90-d"
untagged 5-48
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 60
name "vlan60-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 70
name "vlan70-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 80
name "vlan80-d"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 110
name "vlan110-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 120
name "vlan120-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 130
name "vlan130-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 140
name "vlan140-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 150
name "vlan150-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 160
name "vlan160-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 170
name "vlan170-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 180
name "vlan180-v"
name "vlan180-v"
ip helper-address 10.3.0.70
tagged A1-A4,Trk1-Trk2
no ip address
exit
vlan 190
name "vlan190-m"
tagged A1-A4,Trk1-Trk2
no ip address
exit
stack commander "WA_2900_02"
primary-vlan 190
management-vlan 190
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree force-version RSTP-operation
password manager
0 Kudos
9 REPLIES 9
Ron Kinner
Honored Contributor

тАО01-17-2007 07:13 AM

тАО01-17-2007 07:13 AM

Re: Management VLAN Questions - stuck

Seems to me that if you want to telnet to a switch you are trying to manage it so that address should be in the management VLAN. Instead, on your 2900 you do not even have an IP address assigned to the management VLAN.

Ron
0 Kudos
psycho.chicken
Regular Advisor

тАО01-17-2007 07:21 AM

тАО01-17-2007 07:21 AM

Re: Management VLAN Questions - stuck

So would it get a 10.3.100.x or a 10.3.190.x
0 Kudos
Ron Kinner
Honored Contributor

тАО01-17-2007 07:57 AM

тАО01-17-2007 07:57 AM

Re: Management VLAN Questions - stuck

Has to be the same subnet that you have on the other 190 LAN so 10.3.190.x

Ron
0 Kudos
Jerome Henry
Honored Contributor

тАО01-17-2007 08:18 AM

тАО01-17-2007 08:18 AM

Re: Management VLAN Questions - stuck

And then you would of course telnet to this 10.3.190.x address, not the 10.3.100.91 one.
You can lean only on what resists you...
0 Kudos
psycho.chicken
Regular Advisor

тАО01-17-2007 08:21 AM

тАО01-17-2007 08:21 AM

Re: Management VLAN Questions - stuck

SO...

the 2900 would have it's hardware address of 10.3.100.91

AND I would give it's vlan190-m address 10.3.190.2

?
0 Kudos
Ron Kinner
Honored Contributor

тАО01-17-2007 09:26 AM

тАО01-17-2007 09:26 AM

Solution

Re: Management VLAN Questions - stuck

Don't know what you mean by hardware address. If you want the maintenance VLAN to be 190 then you have to have an IP address in the same subnet as your coming from on the same VLAN. Just add the IP address to the 190 VLAN and it should work fine.

Ron
Mohieddin Kharnoub
Honored Contributor

тАО01-17-2007 03:49 PM

тАО01-17-2007 03:49 PM

Re: Management VLAN Questions - stuck

Hi

You should Assign an IP address to VLAN190 so it will be part of your management subnet, and use something like: 10.3.190.2/24.

Also:

At the Edge, the general recommendation is for the management VLAN to remain untagged and this does not interfere with using the ports for other tagged Vlans.

Good Luck !!!
Science for Everyone
0 Kudos
psycho.chicken
Regular Advisor

тАО01-17-2007 03:52 PM

тАО01-17-2007 03:52 PM

Re: Management VLAN Questions - stuck

but a computer's port can only be untagged with one vlan, so having a computer on thei vlan makes it worthless to do anything else correct?
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО01-17-2007 04:00 PM

тАО01-17-2007 04:00 PM

Re: Management VLAN Questions - stuck

Hi

If you look to your attached network map, and see the uplink between the switches, HP recommend to keep this UPLINK Untagged for Management Vlan for many reasons :

- Its easy to configure and maintain.
- More scalable when new switches are added at the edge.
- This does not interfere with using the UPLINKS for other tagged VLANs.

I think its clear now, right :)

Good Luck !!!
Science for Everyone
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.