Skip to main content
Start a Conversation

Solved!

Go to Solution

Rob Burrowes

1 Rookie

 • 

71 Posts

3876

August 3rd, 2020 13:00

Routing interaction between management port and management vlan traffic passing through the switch

I have a VLTi pair of S3048-ON OS9 switches as the core of my management network to the idracs, and to all the switch management ports.  I just changed the core switches to a new set of S3048-ONs, and my connectivity to the management vlan became intermittent (partial ping loss and inability to maintain an ssh connection to the switch). 

I finally tracked it down to the network mask on the management ports of the new S3048s being wrong.  I found this odd, as it meant that vlan traffic through the switch must have been routed through the management port. 

     server pinging an ip address on the mng vlan mask /22

       |

i.e. switch1 --- mng vlan --- switch2 --- mng-vlan -- switch3 
         mgt Port                 mgt port             switch ports
         mask /22                mask wrong /24         
          |_________________________|____________________| 
 Switch 3 connects to all mng ports on the other switches

I also see odd behaviour on another S5248F (OS10) where the management port is inaccessible from some parts of the network, but accessible from other parts. All the management traffic is being carried through S3048-ONs running OS9.

So should traffic, that is passing through an OS9 switch, interact with the management port that is plugged into the same vlan (though on another switch)?

Does the spanning tree see the management port interfaces traffic. i.e. could traffic to a management port be being blocked due to a loop between the management interface and the same vlan on the switch?

Rob Burrowes

1 Rookie

 • 

71 Posts

April 16th, 2021 15:00

Rob Burrowes

1 Rookie

 • 

71 Posts

August 3rd, 2020 15:00

Sorry, the two core switches are S4048-ONs. 

DELL-Josh Cr

Moderator

 • 

9.2K Posts

August 3rd, 2020 17:00

Hi Rob,

Any sort of broadcast traffic on that VLAN is potentially going to interact with the management VLAN, the management port on this switch has a separate routing table. Page 44 https://dell.to/3gs74BF So I don’t think it will be treated as a loop by spanning-tree and will allow a loop to exist.

Rob Burrowes

1 Rookie

 • 

71 Posts

August 3rd, 2020 20:00

I'm trying to understand why having the wrong network mask on the management interface, somehow caused problems from traffic not bound for that network address.  

The wrong management net mask was on switch2. The traffic should have entered switch1, passed through switch2, and been sent onto switch3.  The target IP address being connected to switch3.  Instead, there was massive ping loss.

The IP address of switch2's management interface is on the same subnet as the target address, and switch2's management interface is connected to a port on switch3.

As soon as I changed the mask on the management interface, the network returned to normal.  

 

DELL-Josh Cr

Moderator

 • 

9.2K Posts

August 4th, 2020 10:00

It sounds like it created a loop and a broadcast storm.

Rob Burrowes

1 Rookie

 • 

71 Posts

August 4th, 2020 13:00

Yes, that is how it behaved.  It affected more than just the traffic through the management vlan. 

 

DELL-Josh Cr

Moderator

 • 

9.2K Posts

August 4th, 2020 13:00

It may have been using up all of the CPU resources and that is why it affected other traffic.

 

Rob Burrowes

1 Rookie

 • 

71 Posts

April 20th, 2021 17:00

Worth noting, that the Dell solutions are both problematic. 

The issue being, that the MAC address of the management port of the affected switch models is the same as the main switch MAC. This causes MAC flapping between the management port and switch ports, which causes traffic loss to the management port.

Dell Solutions:

  1. You don't give the management ports on the affected switches an IP address
    • But you need an IP and the management interface in a VLTi environment, though you could have dedicated cables between the VLTi switches. 
    • You lose the ability to update the switch via the management interface.
    • You can still give a vlan an IP, and talk to the switch in band.
  2. You don't trunk the management VLAN through switches that also have the management port connected (Which is very limiting, and for us, pretty much impossible).

Or (unstated) you accept the random flapping, which can get really annoying.

Rob Burrowes

1 Rookie

 • 

71 Posts

April 24th, 2021 01:00

My solution has been to use L3 routed subnets, to seperate each of the switch management ports from the rest of the switch ports, to avoid the MAC flapping.  

i.e. I created a separate vlan, unique to each switch that connects to other switches' management ports, giving each of these vlans an IP address.  Only the ports connecting to the other switch's management ports, are on these VLANs,  so there is no longer two possible paths to the same MAC, within these L2 VLANs. I am still adding these vlans to trunks, so they go back to a common router.

I no longer get connection issues to the management ports.  I had had one switch I could never talk to, except through an inband IP.  I had others that had intermittent connectivity.

 

 

csashwink

2 Posts

July 18th, 2023 08:00

I am new to Dell Networking!

I am running into the same problem - Dell S5200 (OS10) on VLTi pairs and mgmt/1/1 connecting to another Dell N2200 Series (OS6.8.1), the mgmt VLAN is allowed via vlt-port-channel and mgmt1/1 is configured with the IP address. I am experiencing MAC flapping and at one point no VLTi switch is reachable through the Management port.

I enabled vrf 'management' and tried to add mgmt 1/1/1 to the VRF, no success.

Is there a new workaround in OS10 instead of creating the management VLAN in-band or rather removing the Mgmt VLAN from VLT port-channel.

Was this post helpful?

View All

No Events found!

Top