HPE Community
Switches, Hubs, and Modems
1752800 Members
5607 Online
108789 Solutions
New Discussion юеВ

Re: Management of ProvisionAsic Based Switches

 
cconsult
Occasional Contributor

тАО06-02-2009 02:26 AM

тАО06-02-2009 02:26 AM

Management of ProvisionAsic Based Switches

Hi folks,

The Management VLAN of my Switches is not VLAN 1 (the default vlan). I have 2 zl8212 acting as router with VRRP. One does the odd vlans (it is the root for the mst instance for all odd vlans) and the other does the routing of the even vlans (spanning-tree root for this instance).
Now I get an issue with a third switch that has connections to both coreswitches. I can't reach one core, because the learned MAC address is on the blocked Port. This happens, because the management comes routed through vlan 1.
Unfortunately the Routers answers to a ping or telnet always with there IP in VLAN 1 and therefor locally routed !!

Is there way to change the "default vlan" or the "management vlan" ? (Manual says "NO") ?

If I disable the second (redundant and blocked) Uplink everything is fine (of course) !
0 Kudos
7 REPLIES 7
cenk sasmaztin
Honored Contributor

тАО06-02-2009 03:15 AM

тАО06-02-2009 03:15 AM

Re: Management of ProvisionAsic Based Switches

yes it is possible change managent vlan

managemet vlan and default vlan be happen different term.

default vlan ;factory default existent vlan
managemt vlan ;for security network switch managemet vlan

you can change managemet vlan with this command
(config)# management-vlan 99
it not enable switch factory default setting this option so vlan 1 not managemt vlan only default vlan on new switch

if you want open managemet vlan feature
you must be declare managemet vlan command
(for vlan 1 or any vlan )

but as for me your config issue
please send me two core siwtch and one edge switch sh run print
cenk

0 Kudos
cconsult
Occasional Contributor

тАО06-02-2009 03:33 AM

тАО06-02-2009 03:33 AM

Re: Management of ProvisionAsic Based Switches

The "management vlan" setting disables routing to or from this VLAN as a security feature as far as I know.
So this won't help me.
I need to set the management ip address of the switch to a different vlan than "1".
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-02-2009 06:03 AM

тАО06-02-2009 06:03 AM

Re: Management of ProvisionAsic Based Switches

if you want assign ip address on any vlan and (don't use managemet vlan commad)
you can config switch with other vlan address
but managemet pc must be connect this vlan untag port
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-02-2009 06:06 AM

тАО06-02-2009 06:06 AM

Re: Management of ProvisionAsic Based Switches

but very unsecured method

unadvisable

management vlan must be routing and user insulating vlan
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-02-2009 06:08 AM

тАО06-02-2009 06:08 AM

Re: Management of ProvisionAsic Based Switches

as for me your problem is not this
cenk

0 Kudos
Olaf Borowski
Respected Contributor

тАО06-15-2009 06:51 AM

тАО06-15-2009 06:51 AM

Re: Management of ProvisionAsic Based Switches

Can't you just create a new vlan (999) for management and don't run VRRP on it? This way, you can manage each switch individually (by IP) and not bother with the VIPs.
0 Kudos
Kevin Richter_1
Valued Contributor

тАО06-18-2009 10:48 AM

тАО06-18-2009 10:48 AM

Re: Management of ProvisionAsic Based Switches

There are multiple, related (but different) concepts regarding "management" vlans. Vlan 1 is the default vlan and, by default, the primary vlan. You cannot change the default vlan (what is the default), but you can change the primary vlan. Most "management" functions such as stacking will be attempted first in the primary vlan.

The management vlan is a security feature. As mentioned, it will prevent routing to and from the management vlan. Doesn't sound like what you want.

Start with making something other than vlan 1 the primary vlan. If no luck there, I'm with Olaf in suggesting you just don't assign an IP to vlan 1 if you don't want pings and related communcations passing in that vlan.
Check the cabling. Next, check the cabling again.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.