09-29-2008 03:55 AM
Re: Management VLAN routing problem on 5304
It's a Cisco firewall.
Before, the 5304 was manageable over any of its interfaces. By defining VID9 as management I wanted to restrict it to only one and also keep it accessible from other networks; that's why the static route to reach it over the external router/firewall.
09-29-2008 04:30 AM
Re: Management VLAN routing problem on 5304
but if you write static routing command vlan 9 (L3 interface) between other L3 interface (router or firewall) able routing vlan 9
if you want to protect management,
if you want to remotely control your network switch,
you can use
management vlan
ip authorize manager
ssh
ssl
acl for management vlan network
09-29-2008 04:37 AM
Re: Management VLAN routing problem on 5304
Issuing the management-vlan command will have several effects:
- First, it disables the ability for a switch to receive management traffic on any IP address other than the one assigned to the management VLAN.
When you attempt to connect to the switch by specifying any other IP address other than the one assigned to the Secure Management VLAN, you will receive a typical error message for the application you are using (Telnet, SSH, or web browser) indicating a connection could not be established. It will appear not unlike a situation where a typical network disruption appears to be the problem.
For example, for Telnet you will receive a message similar to the following:
"Connecting To 10.1.2.1...Could not open connection to the host, on port 23: Connect failed".
ProCurve Device Management Security, Rev. 7.31, 2-187
- Second, it disables any communication from outside the Secure Management VLAN network.
Hidden ACLs are placed on the Secure Management VLAN, preventing any and all network traffic from getting into Secure Management VLAN. So, for example, you will not be able to ping the IP address of the Secure Management VLAN from an IP address associated with any other VLAN. In the case of a ping command, you will receive a "Request timed-out" error message.
- Third, it will allow management stations within the Secure Management VLAN to source IP packets from that VLAN. For example, a management station will be able to ping destinations in other user VLANs.
Operating notes for a Secure Management VLAN
- You can only use a static, port-based VLAN for the Secure Management VLAN.
- The Secure Management VLAN does not support IGMP.
- If there are more than 25 VLANs configured on the switch, reboot the switch after configuring the Secure Management VLAN.
- If you implement a Secure Management VLAN in a switch mesh environment, all meshed ports will be members of the Secure Management VLAN.
- Only one Secure Management VLAN can be defined on a switch. If one Secure Management VLAN ID is saved in the startup-config file and you configure a different VLAN ID in the running-config file without saving the running-config to the startup-config, then the switch uses the running-config version until you reboot the switch, at which time the Secure Management VLAN will revert to the one in the startup-config.
- During a management session with the switch, if you define the Secure Management VLAN that excludes the port through which you are connected on the switch, you will continue to have access only until you terminate the session by logging out or rebooting the switch.
- Enabling Spanning Tree Protocol where there are multiple links using separate VLANs, including the Secure Management VLAN, between a pair of switches, Spanning Tree will force the blocking of one or more links. This may include the link carrying the Secure Management VLAN, which will cause loss of management access to some devices.
09-29-2008 05:21 AM
Re: Management VLAN routing problem on 5304
VLAN network. "
Is it true even when using an external router? Let's say I have several SNMP servers located in different networks, so the only server able to reach the switch is the one from the management VLAN IP range? And what about desktops located in the management VLAN, isolated from outside?
10-02-2008 11:22 PM
Re: Management VLAN routing problem on 5304
1. Restrict management access to only one VLAN, instead of many VLAN IP interfaces on my core 5304 switches. This is done by the management VLAN statement.
2. Keep the management VLAN accessible from other VLANs over the external router/firewall; that means management VLAN 9 should be accessible from, let's say, VLAN 5 over a static route to the external router/firewall. At the moment the static route can't be inserted into the routing table, as the same network is already there as 'connected', regardless of it being defined as 'management'.
10-02-2008 11:37 PM
Re: Management VLAN routing problem on 5304
I do not think you can accomplish both those things when using the management-vlan command, since that actually forbids any connections from outside this particular VLAN.
A solution would be to define some random VLAN with an IP address, but NOT as a "hard" management-vlan, and define your own access lists which only allow telnet/ssh/snmp traffic from your desired VLANs, and then set up the correct routing on the switch and on your firewall.
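The access-list alternative suggested in the last reply can be checked offline before it is applied. The sketch below is an added example, not code from the thread or from ProCurve: it models a generic first-match ACL with an implicit deny, and every address in it (switch IP 10.1.9.1 on VLAN 9, VLAN 5 as 10.1.5.0/24, an SNMP server network 10.1.20.0/24) is a constructed assumption.

```python
from ipaddress import ip_address, ip_network

MGMT = ip_network("10.1.9.1/32")    # assumed switch address on VLAN 9
VLAN5 = ip_network("10.1.5.0/24")   # assumed admin VLAN
NMS = ip_network("10.1.20.0/24")    # assumed SNMP server network
ANY = ip_network("0.0.0.0/0")

# (action, protocol, source, destination, destination port or None for any)
ACL = [
    ("permit", "tcp", VLAN5, MGMT, 22),    # SSH from VLAN 5
    ("permit", "tcp", VLAN5, MGMT, 23),    # Telnet from VLAN 5
    ("permit", "udp", NMS, MGMT, 161),     # SNMP polling
    ("deny", "ip", ANY, MGMT, None),       # anything else aimed at the switch
    ("permit", "ip", ANY, ANY, None),      # leave transit traffic alone
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; implicit deny otherwise."""
    src, dst = ip_address(src), ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if src not in a_src or dst not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

# Constructed test flows: (protocol, source, destination, destination port)
FLOWS = {
    "ssh from VLAN 5": ("tcp", "10.1.5.10", "10.1.9.1", 22),
    "snmp from NMS": ("udp", "10.1.20.5", "10.1.9.1", 161),
    "web UI from VLAN 5": ("tcp", "10.1.5.10", "10.1.9.1", 80),
    "ssh from VLAN 7": ("tcp", "10.1.7.10", "10.1.9.1", 22),
    "ping from VLAN 5": ("icmp", "10.1.5.10", "10.1.9.1", None),
    "transit to server": ("tcp", "10.1.5.10", "10.1.30.8", 443),
}

def audit(acl, flows=FLOWS):
    """Map each test flow name to the verdict the ACL gives it."""
    return {name: evaluate(acl, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdict in audit(ACL).items():
        print(f"{verdict:6}  {name}")
```

Moving the `deny` entry to the top of the list makes every management flow fail, which is the ordering mistake worth testing for before the list is bound to an interface.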