HPE Community
HPE Aruba Networking & ProVision-based
1830505 Members
2421 Online
110006 Solutions
New Discussion

Unable to ping or manage switch 5308xl after changing the management VLAN

 
SOLVED
Go to solution
toffa99
Occasional Visitor

‎02-18-2013 08:21 AM

‎02-18-2013 08:21 AM

Unable to ping or manage switch 5308xl after changing the management VLAN

Hi,

I have recently tried to change the management VLAN on all our switches.  I Have successfully changed it on all edge switches using the command

 

management-vlan 300

 

I have now done the same on the core switch (5308xl) but soon as I did I lost connection on this vlan, unable to ping or manage the switch.  Other VLANS are up OK but VLAN 300 is down.  I can no longer connect to the switch to manage it on any vlan.  It seems that it registers the connection through SSH but just sits there.  I'm at a situation where I will probably reboot the switch to drop the config back to the last saved but does anyone have any idea what might have gone wrong?

 

Any Ideas?

0 Kudos
5 REPLIES 5
paulgear
Esteemed Contributor

‎02-19-2013 01:04 PM

‎02-19-2013 01:04 PM

Re: Unable to ping or manage switch 5308xl after changing the management VLAN

Hi toffa99,

If a VLAN says it's down, it means that all of the ports in it are down. Try manually adding VLAN 300 (tagged or untagged) on one of your inter-switch links.
Regards,
Paul
0 Kudos
toffa99
Occasional Visitor

‎02-20-2013 12:35 AM

‎02-20-2013 12:35 AM

Re: Unable to ping or manage switch 5308xl after changing the management VLAN

Hi,

Thanks for the reply but it is not simply a problem of not tagging ports let me explain some more.

The VLAN is tagged on all inter switch links.  The switches are pingable via vlan 300 and I can connect to them using this vlan including the core.  The problem happens when I try and set the management-vlan to 300, as soon as I commit this the switch becomes unmanageable and I lose ping on the vlan 300. Here is some of the config of the core to give you a better idea.

 

Core

vlan 300
   name "Switches"
   ip address 10.20.0.1 255.255.255.0
   tagged B9,C1,C11-C13,G1-G4,H1,H3
   exit

 So 10.20.0.1 is pingable and I can manage the switch via SSH.  I now alter the primary vlan from 1 to 300 on all switches, core switch last.

primary-vlan 300

 This works OK and sets on all switches as expected, 10.20.0.1 is still pingable and manageable at this point.

I now set the management vlan to 300

management-vlan 300

 This works OK on all edge switches.  I then set it on the core 5308xl and bang, I can no longer ping 10.20.0.1 or manage the switch on any of the other vlan IP, although I can still ping all other vlans.  I'm wondering if the differnce on the core is that I have no untagged ports on vlan 300 only tagged, but this is the same as the edge switches and it works OK on them.

 

Does anyone have any more ideas?

0 Kudos
paulgear
Esteemed Contributor

‎02-21-2013 04:09 PM

‎02-21-2013 04:09 PM

Re: Unable to ping or manage switch 5308xl after changing the management VLAN

Which address are you pinging from?
Regards,
Paul
0 Kudos
toffa99
Occasional Visitor

‎02-22-2013 01:45 AM

‎02-22-2013 01:45 AM

Re: Unable to ping or manage switch 5308xl after changing the management VLAN

Any Subnet I try from 10.20.0.1 will not respond

0 Kudos
Chrisd131313
Trusted Contributor

‎02-22-2013 02:32 AM

‎02-22-2013 02:32 AM

Solution

Re: Unable to ping or manage switch 5308xl after changing the management VLAN

Hi Toffa99,

 

you won't be able to route between the management VLAN and other VLANs, that is an inherant function of the management VLAN - to keep it secure. If you are able to access the switches from a port which is a member of the management VLAN then it is working as expected.

 

Just make sure that if you have tagged ports in the management VLAn that the workstations attached to the ports have 802.1q comploant NICs and you should then be fine.

 

But you shouldn't be able to route to any other VLAN from the management VLAN and vica versa.

 

Extract from the Advanced Traffic Management Guide...

 

Operating Notes for Management VLANs

Use only a static, port-based VLAN for the Management VLAN.

The Management VLAN feature applies to both IPv4 and IPv6 traffic.

The Management VLAN does not support IGMP operation.

Routing between the Management VLAN and other VLANs is not allowed.

.... There are more points, but the routing one is the significant one in your case.

 

HTH

 

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.