After un-stacking a Cisco switch in my IBM BladeCenter I can no longer ping the management IP I had configured on my management VLAN. The only item I see that changed is that the BladeCenter AMM added an internal Ethernet management port. There has been some discussion on Reddit. Prior to un-stacking, this VLAN interface was working.

I still haven't found a resolution that would explain why this isn't working or how to allow access over the current management VLAN. If possible I would like to keep L3 routing off on the switch.

As far as testing, I have configured an access port and trunk port native to the management VLAN. I connected a laptop with a static IP within the management VLAN range to these ports and was not able to ping or access the switch. When the switch is connected it does pass traffic, as expected, on all ports/VLANs. However, I was still unable to ping or SSH the switch directly.

For testing purposes:

  • I have configured an access port and trunk port native to the management VLAN, and I've configured a laptop with an IP in the management VLAN to connect to these test ports.
  • Devices on other VLANs are able to connect and pass traffic through this switch.
  • The switch itself cannot ping other devices when using no source, the FE interface as source, or the management VLAN IP as the source.
  • I've removed the management VLAN IP, and configured the FastEthernet port with the management VLAN IP.
    • I suspect this doesn't work as I cannot set a VLAN onto the FastEthernet port
  • I've removed the default gateway with, and without, the VLAN ID configured and with the FastEthernet port configured.

Here is a partial config:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw-7-tsting
!
boot-start-marker
boot-end-marker
!
enable secret ...
!
username ....
no aaa new-model
clock timezone EST -5 0
switch 1 provision ws-cbs3110g-s-i
system mtu routing 1500
!
!
ip domain-name abc.def
vtp mode transparent
!
!
crypto pki ...
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
no spanning-tree vlan 1-4094
!
!
port-channel load-balance src-dst-ip
!
!
vlan internal allocation policy ascending
!
vlan N
 name traffic N
!
vlan NN
 name traffic NN
!
vlan NNN
 name traffic NNN
!
vlan XXX
 name network management
!
ip ssh time-out 60
ip ssh version 2
!
!
!
interface FastEthernet0
 ip address 192.168.x.x 255.255.255.0
!
interface GigabitEthernet1/0/17
 description used to test all vlans
 switchport trunk native vlan XXX
 switchport trunk allowed vlan N,NN,NNN,XXX
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/18
 description used to test network VLAN XXX
 switchport access vlan XXX
 switchport mode access
 switchport nonegotiate
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan XXX
 ip address 10.XXX.200.236 255.255.255.0
!
ip default-gateway 10.XXX.200.1
ip http server
ip http secure-server
!
snmp-server community public RO
snmp-server host 10.XXX.200.30 version 2c public udp-port 161
!
line con 0
line vty 0 4
 login
 transport input ssh
line vty 5 15
 login
!
ntp server 129.6.15.30
end
RunThor

1 Answer

I was eventually able to ping/SSH into the switch. The issue was within the BladeCenter configuration. To address this I needed to:

  1. Under I/O Modules > Configuration I made sure that the IP assigned was in the same IP range as the BladeCenter AMM module
  2. I/O Modules > Configuration > Advanced Configuration > Advanced Setup you will need to Enable "External management over all ports" and "Preserve new IP configuration on all resets"
  3. Removed all other VLAN interfaces
  4. Reload/Reboot the switch. If you ping the switch during the boot sequence you may see a "Reply: Destination host unreachable" from the AMM IP address until the switch is back up.

If the previous steps did not work you may need to activate Protected Mode in I/O Modules > Admin/Power/Restart. After selecting "Perform action" the following message will be shown:

You have selected to enable protected mode on I/O module(s) 10.

Protected mode allows you to limit the actions that an MM user can perform on an I/O module. Specifically, the following actions
cannot be performed on the MM user interfaces while an I/O module is in protected mode. These actions can only be performed
using the native management interface of the selected I/O module in protected mode.

Changing the I/O module IP configuration (IP address, subnet mask, gateway)

Resetting the I/O module settings to their factory defaults

Changing the I/O module external port settings

Changing the I/O module external management settings

Note that activating protected mode on an I/O module is a two step process. Once protected mode is enabled on this page, you
must access the native management interface of the selected I/O modules and activate protected mode there. After this second
step, protected mode becomes fully activated, and the actions listed above can no longer be performed on the MM user interfaces.
Also note that, once protected mode is fully active on an I/O module, it cannot be disabled using the MM user interfaces. It has 
to be disabled on the I/O module's native management interface first.
If you want to enable protected mode on the selected I/O modules, click the "Enable Protected Mode" button. Otherwise click the
"Cancel" button.

Protection Mode is there to protect the network components from the BladeCenter AMM. If a switch is stacked, this will be activated by default.

RunThor
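One way to check a saved switch config against steps 1 and 3 of the answer before reloading, as an added example that is not code from the original post. It reads step 1 as "every addressed interface sits in the AMM's subnet", and it also checks that `ip default-gateway` lies on a connected subnet, which a switch with L3 routing off needs in order to use it. The addresses, the VLAN number and the names `parse`, `precheck` and `AMM_ADDRESS` are assumptions, since the posted config redacts its values.

```python
import ipaddress
import re

# Constructed sample: the posted config redacts its addresses, so these are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.70.20 255.255.255.0
!
interface Vlan1
 no ip address
!
interface Vlan 200
 ip address 10.20.200.236 255.255.255.0
!
ip default-gateway 10.20.200.1
"""
AMM_ADDRESS = "10.20.200.5/24"  # hypothetical AMM address and prefix length


def parse(config):
    """Return ({interface: IPv4Interface or None}, default gateway or None)."""
    ifaces, gateway, current = {}, None, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(.+)", line):
            current = m.group(1).replace(" ", "")
            ifaces[current] = None
        elif current and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            ifaces[current] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m[1])
    return ifaces, gateway


def precheck(config, amm_address):
    """Return findings that conflict with steps 1 and 3 of the answer."""
    amm_net = ipaddress.ip_interface(amm_address).network
    ifaces, gateway = parse(config)
    addressed = {n: i for n, i in ifaces.items() if i is not None}
    findings = [f"{n}: {i.ip} is outside the AMM subnet {amm_net}"
                for n, i in addressed.items() if i.ip not in amm_net]
    mgmt = [n for n, i in addressed.items() if i.ip in amm_net]
    findings += [f"{n}: extra VLAN interface still defined"
                 for n in ifaces if n.startswith("Vlan") and n not in mgmt]
    if gateway and not any(gateway in i.network for i in addressed.values()):
        findings.append(f"default gateway {gateway} is not on a connected subnet")
    return findings


print("\n".join(precheck(SAMPLE_CONFIG, AMM_ADDRESS)))
```
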