- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Using a separate vlan for management (not "Secure ...
Switches, Hubs, and Modems
1752800
Members
5634
Online
108789
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2010 08:16 AM
02-23-2010 08:16 AM
Using a separate vlan for management (not "Secure Management VLAN"
Hi,
We're currently using 4 procurve 2900 and 2 2610 switches and everything is fine up to now. However, We'd like to put all our management interfaces (switches, iLo, etc) in the vlan 1 (that has no equipment on it right now) instead of its current vlan, which is our LAN vlan (bad practice). For now, we don't have a dedicated management station, so we must be able to access the web and ssh interface of the switches through a firewall (CheckPoint NGX R65).
I've added the IP addresses and changed the default gateway and now the switches can ping themselves and we can ping the switches from the sysadmins workstations. However, we cannot access the switch via web-management or ssh, but from the firewall, we can.
The secure management vlan is disabled (when I enable it, I cannot ping the switch at all).
The firewall is configured to allow all traffic from the sysadmin's workstations to the management vlan. In the firewall log, we can see "Unexpected post SYN packet - RST or SYN expected tcp_flags: ACK", and if I disable the "drop out of state TCP packets", everything works fine.
Anyone has an idea of what could be happening? Can the SSH daemon be buggy? Here is the output of "sh ve"
Image stamp: /sw/code/build/mbm(t3a)
May 6 2009 06:39:29
T.13.63
867
Boot Image: Primary
Thanks,
We're currently using 4 procurve 2900 and 2 2610 switches and everything is fine up to now. However, We'd like to put all our management interfaces (switches, iLo, etc) in the vlan 1 (that has no equipment on it right now) instead of its current vlan, which is our LAN vlan (bad practice). For now, we don't have a dedicated management station, so we must be able to access the web and ssh interface of the switches through a firewall (CheckPoint NGX R65).
I've added the IP addresses and changed the default gateway and now the switches can ping themselves and we can ping the switches from the sysadmins workstations. However, we cannot access the switch via web-management or ssh, but from the firewall, we can.
The secure management vlan is disabled (when I enable it, I cannot ping the switch at all).
The firewall is configured to allow all traffic from the sysadmin's workstations to the management vlan. In the firewall log, we can see "Unexpected post SYN packet - RST or SYN expected tcp_flags: ACK", and if I disable the "drop out of state TCP packets", everything works fine.
Anyone has an idea of what could be happening? Can the SSH daemon be buggy? Here is the output of "sh ve"
Image stamp: /sw/code/build/mbm(t3a)
May 6 2009 06:39:29
T.13.63
867
Boot Image: Primary
Thanks,
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2010 04:52 AM
02-24-2010 04:52 AM
Re: Using a separate vlan for management (not "Secure Management VLAN"
That is weird, as I was preparing for some debug operations specified by CheckPoint's staff, It started working correctly. Sorry for the noise.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP