Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Procurve 2848 Management VLAN Communication

SOLVED
Go to solution
nchan
Occasional Visitor

Procurve 2848 Management VLAN Communication

Having trouble with communications between vlans. Have a basic setup with 4 vlans, each with an ip address and ip routing on. With my setup, whichever vlan is the Management vlan, the other vlans cannot communicate with it. I am thinking it is a simple setting, but I am just not reading the right stuff. Guessing its some sort of security setting.

Thanks for your help in advance.
6 REPLIES
Kell van Daal
Respected Contributor
Solution

Re: Procurve 2848 Management VLAN Communication

Hi Nathan,

The function of the management VLAN is to make a secure VLAN for management. One of the ways it is secured, is by making sure other VLAN's do not have access to the management VLAN.
So this is a feature of the management VLAN.

You can read about it in chapter 2 of the Advanced Traffic Management guide: ftp://ftp.hp.com/pub/networking/software/2600-2800-4100-6108-AdvTraff-Oct2005-59908853.pdf

Why do you want to use the management VLAN? Maybe there are other ways to accomplish what you want with it.
nchan
Occasional Visitor

Re: Procurve 2848 Management VLAN Communication

I was just hoping there was a way I could get to the management vlan to work on the switches without having to set something up like router on a stick. We are working on vlaning our network (poor setup from previous staff). I was hoping to keep most traffic on the switches, but if I have to, I am guessing the only way to get to the Management vlan is through router on a stick for the IT vlan. Thanks.
Kell van Daal
Respected Contributor

Re: Procurve 2848 Management VLAN Communication

Can you tell me what the reason is for using the management VLAN? Because it is not mandatory to use it. If you don't have a management VLAN, you can manage the equipment on any interface.
You could then use authorized IP managers to control who (what IP addresses) are allowed to manage the switches.
nchan
Occasional Visitor

Re: Procurve 2848 Management VLAN Communication

Just going to be using it for managing the switches. Not to big of a concern.

EXAMPLE
vlan 10 (IT)
vlan 20 (Management) Set as Management
vlan 30 (Servers)
vlan 40 (Printers)
vlan 50 (Desktops)

My understanding was that the Management vlan ip address was the only way to manage the switches. No switch interfaces will be set within this vlan.

The main concern was how the IT staff could configure the switches if the vlan that IT was on and the Management vlan could not communicate between each other. I am thinking if I set up the IT vlan and Management vlan on a router on a stick config, (sub-interfaces on one port for each vlan on a router) the IT and Management vlan will be able to talk.
Kell van Daal
Respected Contributor

Re: Procurve 2848 Management VLAN Communication

If you don't assign a management VLAN, you can perform management duties (telnet, ssh, snmp etc) on each VLAN's IP address.
The management feature is for making extra security regarding management, by making one VLAN only accessible from within that VLAN.

The router on a stick solution will not work with a management VLAN also, because this is part of that feature. From the manual:

Configures a secure Management VLAN by creating an isolated network for managing the following ProCurve switches that support this feature:
â ¢
Series 2600 switches â ¢ Series 4100gl switches
â ¢
Series 2600-PWR switches â ¢ Series 5300xl switches
â ¢
Series 2800 switches â ¢ Switch 6108
â ¢
Series 3400cl switches
Access to this VLAN, and to the switchâ s management functions (Menu, CLI, and web browser interface) is available only through ports configured as members.
â  
Multiple ports on the switch can belong to the Management VLAN. This allows connections for multiple management stations you want to have access to the Management VLAN, while at the same time allowing Management
VLAN links between switches configured for the same Management
VLAN.
â  
Only traffic from the Management VLAN can manage the switch, which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch.
--------------------------------------------

So if you want to be able to manage the switches from a VLAN that is also used as a production VLAN, you will need to remove the management VLAN. If you still want to control access to the management features, use the authorized IP managers feature.

I hope this cleared things up.
nchan
Occasional Visitor

Re: Procurve 2848 Management VLAN Communication

Thanks for all your help Kell.

I read that guide and everything is making sense now. I thought from everything else I had read that there had to be a Management vlan.

Putting PC's in the management vlan though basically makes those pc's worthless for anything but configuring the switches so I will just have to shut off the management vlan.

Thanks again.