Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 15
Registered: ‎03-18-2013

Management Interface MLXe and 6650ICX

Hi

how can i change the vlan of the Management interface on a MLXe ( Version 5.4.) and ICX Switch

Thanks in advance

regards

Sascha_se

Occasional Contributor
Posts: 8
Registered: ‎03-28-2013

Re: Management Interface MLXe and 6650ICX

Just taking a wild guess here, but the Management interface expects untagged traffic, so it isn't exactly VLAN-aware. You can always change the VLAN ID on the upstream switch, but the VLAN/port to which the MLXe management interface connects, should be configured as untagged.

For example, if the management port were connected to port e3/25 on the upstream switch on VLAN 200, you would configure the following on the switch:

VLAN 1

no untagged e 3/25

!

VLAN 200 name MLX-MGT

untagged e 3/25

!

interface ethernet 3/25

enable

Then again, I may be completely missing the point of your question.

Occasional Contributor
Posts: 15
Registered: ‎03-18-2013

Re: Management Interface MLXe and 6650ICX

Hi Mike thanks for your answer

okay the Mgmt interface expects untagged traffic. But the point is

In your example you have used e3/25

on the MLXe you have only the Management interface

show interfaces management 1

Ethernetmgmt1 is up, line protocol is up

  STP Root Guard is disabled, STP BPDU Guard is disabled

  Hardware is Ethernet

  Configured speed 1Gbit, actual 1Gbit, configured duplex fdx, actual fdx

  Member of VLAN 0 (untagged)

and there it is no opportunity to set the interface untagged in vlan 1 or 200 or whatever

Regards

Occasional Contributor
Posts: 8
Registered: ‎03-28-2013

Re: Management Interface MLXe and 6650ICX

saschaE wrote:

Hi Mike thanks for your answer

okay the Mgmt interface expects untagged traffic. But the point is

In your example you have used e3/25

on the MLXe you have only the Management interface

show interfaces management 1

Ethernetmgmt1 is up, line protocol is up

  STP Root Guard is disabled, STP BPDU Guard is disabled

  Hardware is Ethernet

  Configured speed 1Gbit, actual 1Gbit, configured duplex fdx, actual fdx

  Member of VLAN 0 (untagged)

and there it is no opportunity to set the interface untagged in vlan 1 or 200 or whatever

Regards

I probably didn't make it clear in my example, but e 3/25 is a port on the switch to which the MLXe management port connects. Here's a crude diagram:

Management1 -------------- e 3/25

Does this make sense?

Occasional Contributor
Posts: 15
Registered: ‎03-18-2013

Re: Management Interface MLXe and 6650ICX

Hi

Mh the Mlx and ICX are only for public traffic. Only the Management Interface is connected to our private LAN. So for security reason i would change the VLAN to a standard VLAN ID (ID 0 is not valid) and then i can restrict access (SSH,SNMP) for this vlan

Occasional Contributor
Posts: 8
Registered: ‎03-28-2013

Re: Management Interface MLXe and 6650ICX

Without a network diagram, it's difficult to take this much further. The MLX management interface should connect to a switch port on the ICX, not another out-of-band management interface.

If the public traffic through the ICX is on VLAN 300, you can simply pick a VLAN ID (e.g., VLAN 200) to support the private management LAN. The management interface does not forward frames, rather it is more akin to an end-host that connects to an access switch. The VLAN ID generally isn't configured on the end-host and instead, it is configured on the access switch. The ICX is your access switch in this example.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Management Interface MLXe and 6650ICX

Hi all,

     The dedicated management ports on the Brocade devices cannot be changed from VLAN 0 - these are out of band ports only.

     If you want to setup inband management then;

     Create a new management VLAN (say 20)

     MLX(config)#vlan 20

     MLX(config-vlan20)#untag ether x/y (an unused port on the MLX line cards - could be tagged to if you want)

     MLX(config-vlan20)#management-vlan

     Do the same on the ICX - again from a data port to match the above.

Thanks

Michael.

Occasional Contributor
Posts: 15
Registered: ‎03-18-2013

Re: Management Interface MLXe and 6650ICX

Hi Michael

thanks for your answer. that is good to know.

But it is a little bit difficult in our setup. We have only 4x10Ge ports available. So i cannot use one dedicated 10Ge port for management purposes. So i will use some ACL to secure access and monitoring queries

Thanks

Sascha

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

Download FREE NVMe eBook