For more details, please see ourCookie Policy.

Ethernet Switches & Routers

New Contributor
Posts: 3
Registered: ‎08-15-2013

can't access management vlan

Have a ICX6430 with a management vlan of 42, data vlan of 12. Previously this was behind a Fortigate and we could access the management IP of the switch no problem. Upgraded to a Meraki MX64 and can't access the switch any more. The Meraki has vlan 42 as the Native VLAN in trunk mode with all VLANs on it. Thoughts?


vlan 1 name DEFAULT-VLAN by port
vlan 12 by port
tagged ethe 1/1/1 to 1/1/22 ethe 1/1/24
vlan 22 by port
tagged ethe 1/1/1 to 1/1/16 ethe 1/1/24
vlan 32 by port
tagged ethe 1/1/17 to 1/1/22 ethe 1/1/24
vlan 42 name mgmt by port
tagged ethe 1/1/1 to 1/1/24
default-gateway 1
vlan 52 by port
tagged ethe 1/1/24
vlan 62 by port
tagged ethe 1/1/1 to 1/1/22 ethe 1/1/24
aaa authentication web-server default local
aaa authentication login default local
hostname ICX6430
ip address
no ip dhcp-client enable

Frequent Contributor
Posts: 137
Registered: ‎07-20-2015

Re: can't access management vlan

I was playing around with this yesterday.


Okay, so management-vlan simply limits the managemnt of that device to be accessible only via that one VLAN, and it necessitates the default-gateway be defined within the VLAN instead of globally.


That said the IP address is still defined globally.


Your switch is with a gateway that is


As you know the gateway has to be in a routing table that is accessible (i.e. not blocked by ACLs or anything), but this configureation is perfectly good.




The only possible situation I see is that you have


tagged ethe 1/1/1 to 1/1/24



The Meraki device you have would need to be set to do dot1q as Cisco calls it or 802.1q setting up a Trunk (their terminology for a Tagged port) on vlan 42.



Otherwise you would need to change that one interface to be untagged (i.e. it would connect to an Access port)



Now, I see the tagged port overlaps a lot of VLANS.  These are the allowed VLANs on the Trunk.  Any given frame can have only one VLAN tag or be untagged.


Youl could use dual-mode on the Brocade to specifically make a port put its untagged traffic into a VLAN of your choosing.  This is the same as native VLAN terminology.


On whatever interface is attached to your Meraki try:



interface ethe 1/1/x

dual-mode 42





Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.