Ethernet Switches & Routers

Reply
New Contributor
momdad
Posts: 4
Registered: ‎11-20-2012

ICX6450 access via SonicWall SSL VPN

We just setup a new network and have come across an odd situation.  If I am onsite and connected directly to the switch or connected via a wireless AP, I can ping and telnet and web into the Brocade.  However, when I am at home and using the SonicWall NetExtender application, which is SSL VPN, I can see all of my devices EXCEPT the Brocade switch.  No ping, no telnet and no web access to the Brocade.  If I remote into the SonicWall from home, I can use its internal diagnostics to send a ping to the Brocade and that works.

Is there any type of config on the Brocade that would somehow block SSL VPN traffic?

Thanks, Jeff

Occasional Contributor
RonaldE
Posts: 7
Registered: ‎10-02-2009

Re: ICX6450 access via SonicWall SSL VPN

Jeff,

It doesn't block anything.

Make sure you have the mgmt vlan and default-gateway set properly.

Also check if you connect on ssh/telnet and make sure it's open in the Sonicwall

-Ronald

New Contributor
momdad
Posts: 4
Registered: ‎11-20-2012

Re: ICX6450 access via SonicWall SSL VPN

I take it that these are settings on the Brocade, right?  It is a very basic config with VLAN by port settings.  Here is some extracts of the config.  Ports 36, 41 and 42 are APs and port 48 is the connection to the SonicWall.  Am I just missing some simple setting?  Again, whether I am on-site, on the local wireless or SSL VPN in to the "180" network, I can access the devices on those ports and the Brocade, but I cannot ping nor access the Brocade during an SSL VPN session.  Thanks, Jeff

vlan 1 name DEFAULT-VLAN by port

!

vlan 180 name Management_Internet by port

tagged ethe 1/1/36 ethe 1/1/41 to 1/1/42 ethe 1/1/48

untagged ethe 1/1/45 to 1/1/46

!

ip address 192.168.180.2 255.255.255.0

ip default-gateway 192.168.180.1

Occasional Contributor
RonaldE
Posts: 7
Registered: ‎10-02-2009

Re: ICX6450 access via SonicWall SSL VPN

Jeff,

I assume you run layer2 only?

In that case, do the following:

conf t

vlan 180

management-vlan

default-gateway 192.168.180.1 1

end

That should be it.

Ronald

Super Contributor
mschipp
Posts: 1,087
Registered: ‎12-13-2009

Re: ICX6450 access via SonicWall SSL VPN

Hi Jeff,

     When you VPN in I take it you are on a different subnet (something other then 192.168.180.x)?  If that is true then ether point the default gateway (on the Brocade box) to the sonicwall box or add a static route on the brocade box for that network pointing to the sonicwall as the nexthop.

Thanks

Michael.

New Contributor
momdad
Posts: 4
Registered: ‎11-20-2012

Re: ICX6450 access via SonicWall SSL VPN

Ronald- This switch is running Layer3.  I am not quite sure I understand the "management-vlan" command.  Can you clarify its use?

Michael- When I SSL VPN into the SonicWall, I have it configured so that I get a 192.168.180.98 IP address.  Nothing else is assigned this address in the subnet and the DHCP scope starts at 200.

Since I am not local to the site, any changes that would need to be done to the Brocade involves the staff moving a laptop into the rack and connecting it directly.  Kind of a pain and it takes a bit of time.

Thank you both!

Jeff

Occasional Contributor
RonaldE
Posts: 7
Registered: ‎10-02-2009

Re: ICX6450 access via SonicWall SSL VPN

In case you use l2 only, you need the mgmt-vlan.

If you run L3, you need tyo specify a router-interface under the vlan.

Conf t

vlan 180

router-interface ve 180

exit

int ve 180

ip address 192.168.180.2 255.255.255.0

exit

ip route 0.0.0.0 0.0.0.0 192.168.180.1

end

wr mem


That should be it.


Ronald

New Contributor
momdad
Posts: 4
Registered: ‎11-20-2012

Re: ICX6450 access via SonicWall SSL VPN

Thank you for all of the helpful information.  It is very much appreciated!  We finally had time to move the laptop and get a remote connection to the Brocade.  I started simple and just tried the "config t - vlan 180 - management-vlan" and that did the trick.  I can now NetExtend in via the SonicWall and can telnet/web to the Brocade.  I checked with my network integrators and they indicated that they never had to use that command at other jobs.  But, hey, it is working for me!

One other quick question if I may.  How do you download the configuration from the Brocade onto a local PC (for backup purposes)?  I am thinking maybe TFTP or something?

Thanks, Jeff

Super Contributor
mschipp
Posts: 1,087
Registered: ‎12-13-2009

Re: ICX6450 access via SonicWall SSL VPN

Hi Jeff,

     Glad you got it working.  to backup the startup config enter the following the enable level prompt.

swtich#copy startup-config tftp a.b.c.d backup.txt

Where a.b.c.d is your tftp server.

Thanks

Michael.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.