Ethernet Switches & Routers

prk
New Contributor
Posts: 3
Registered: ‎08-15-2013

can't access management vlan

Have an ICX6430 with a management vlan of 42, data vlan of 12. Previously this was behind a Fortigate and we could access the management IP of the switch no problem. Upgraded to a Meraki MX64 and can't access the switch any more. The Meraki has vlan 42 as the Native VLAN in trunk mode with all VLANs on it. Thoughts?

 

vlan 1 name DEFAULT-VLAN by port
!
vlan 12 by port
tagged ethe 1/1/1 to 1/1/22 ethe 1/1/24
!
vlan 22 by port
tagged ethe 1/1/1 to 1/1/16 ethe 1/1/24
!
vlan 32 by port
tagged ethe 1/1/17 to 1/1/22 ethe 1/1/24
!
vlan 42 name mgmt by port
tagged ethe 1/1/1 to 1/1/24
management-vlan
default-gateway 10.200.42.1 1
!
vlan 52 by port
tagged ethe 1/1/24
!
vlan 62 by port
tagged ethe 1/1/1 to 1/1/22 ethe 1/1/24
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
jumbo
hostname ICX6430
ip address 10.200.42.2 255.255.255.0
no ip dhcp-client enable

Frequent Contributor
Posts: 134
Registered: ‎07-20-2015

Re: can't access management vlan

I was playing around with this yesterday.

 

Okay, so management-vlan simply limits the management of that device to be accessible only via that one VLAN, and it necessitates the default-gateway be defined within the VLAN instead of globally.

 

That said the IP address is still defined globally.

 

Your switch is 10.200.42.2/24 with a gateway that is 10.200.42.1/24

 

As you know the gateway has to be in a routing table that is accessible (i.e. not blocked by ACLs or anything), but this configuration is perfectly good.

 

**********

 

The only possible situation I see is that you have

 

tagged ethe 1/1/1 to 1/1/24

 

 

The Meraki device you have would need to be set to do dot1q as Cisco calls it or 802.1q setting up a Trunk (their terminology for a Tagged port) on vlan 42.

 

 

Otherwise you would need to change that one interface to be untagged (i.e. it would connect to an Access port)

 

 

Now, I see the tagged port overlaps a lot of VLANS.  These are the allowed VLANs on the Trunk.  Any given frame can have only one VLAN tag or be untagged.

 

You could use dual-mode on the Brocade to specifically make a port put its untagged traffic into a VLAN of your choosing.  This is the same as native VLAN terminology.

 

On whatever interface is attached to your Meraki try:

 

 

interface ethe 1/1/x

dual-mode 42
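
The tagging mismatch described in the answer above, as an added example that is not part of the original thread: it reads the `tagged ethe` lines from the posted config and reports VLANs that one end of the link sends tagged while the other sends untagged. Assumptions: the function names are hypothetical, port 1/1/24 stands in for the unnamed Meraki-facing port, the Meraki allows the same VLAN set, and a VLAN is treated as passing only when both ends encode it the same way.

```python
import re

# Constructed sample: three VLAN stanzas trimmed from the config in the question.
SAMPLE_CONFIG = """\
vlan 12 by port
tagged ethe 1/1/1 to 1/1/22 ethe 1/1/24
!
vlan 42 name mgmt by port
tagged ethe 1/1/1 to 1/1/24
management-vlan
!
vlan 52 by port
tagged ethe 1/1/24
"""

def expand_ports(spec):
    """Expand 'ethe 1/1/1 to 1/1/22 ethe 1/1/24' into a set of port names."""
    ports = set()
    for first, last in re.findall(r"ethe (\S+)(?: to (\S+))?", spec):
        prefix, lo = first.rsplit("/", 1)
        hi = last.rsplit("/", 1)[1] if last else lo
        ports.update(f"{prefix}/{n}" for n in range(int(lo), int(hi) + 1))
    return ports

def tagged_vlans(config, port):
    """Return the VLAN IDs in which `port` is listed as a tagged member."""
    vlans, current = set(), None
    for line in config.splitlines():
        line = line.strip()
        header = re.match(r"vlan (\d+)\b", line)
        if header:
            current = int(header.group(1))
        elif current and line.startswith("tagged ") and port in expand_ports(line):
            vlans.add(current)
    return vlans

def encoding(vlan, members, untagged_vlan):
    """How one end of the link sends `vlan`: 'tagged', 'untagged' or None."""
    if vlan not in members:
        return None
    return "untagged" if vlan == untagged_vlan else "tagged"

def encoding_mismatches(sw_tagged, sw_dual_mode, peer_allowed, peer_native):
    """Assumed model: a VLAN crosses the link only if both ends encode it alike."""
    bad = {}
    for vlan in sorted(sw_tagged | peer_allowed):
        pair = (encoding(vlan, sw_tagged, sw_dual_mode),
                encoding(vlan, peer_allowed, peer_native))
        if pair[0] != pair[1]:
            bad[vlan] = pair
    return bad
```

With the posted config and a peer native VLAN of 42, only VLAN 42 is reported (switch tagged, peer untagged); passing 42 as the dual-mode VLAN clears it.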

 

 

 

 
