Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2835 Discussions

Using vPro across vlans

idata
Employee
‎09-15-2009 02:00 PM
1,736 Views

Does anybody have this working? I can easily provision a device when on the same vlan as provisioning server. If I try from a vlan it is connected enough to know if I typo the PID or PPS, but that's it. I can browse the webui to a provisioned machine only from same vlan. No firewalls in play. Simple Cisco 6509 core with no extra blocks in place. I'm using LANDesk core as my provision server. Enterprise mode, DHCP. AMT versions 3 and 5 tested with same results. I can telnet across vlans (to verify port listening) to simple ports like 8081, but not 16993. I CAN telnet and verify port 16993 listening from another machine on same vlan.

0 Kudos

Link Copied

2 Replies
idata
Employee
‎09-21-2009 07:27 AM
451 Views

I have my issue resolved.

In our situation we can't configure default gateways (per PCI auditors) so our default vlan gateways are configured using option 249 Classless Static Routes in our DHCP server. Normal DHCP default gateway setting is configured using 003 Router. Once I configured a default gateway on a vlan DHCP Scope using 003 Router I was able to provision across vlans, browse across, and administer using LANDesk console.

The reason I assumed we had full two-way network connectivity was the fact that if I incorrectly entered a PID or PPS while provisioning on a vlan client it displayed "incorrect entry" so somehow it was able to verify this against the provision server (different vlan) since I was using PID and PPS info I generated.

0 Kudos
Copy link
idata
Employee
‎09-21-2009 11:13 AM
451 Views

Hi 5DANdesk I just finished working with a company with a similar issue - they ran vLan and successfully deployed/provisioned and managed the clients , then they created "Y" vLan and lost there ability to manage or discover - we need to review the basics so bear with me for a minuteW5

1. you have a switch between the vLans, did you confirm all necessary ports are open - 16992 etc... including the provisioning port? sounds like you did

2. did you set the new boundaries of the IP range on your DHCP server?

now the tircky stuff

vPro does pull default gateway information from the DHCP server. In our situation we can't configure default gateways (per PCI auditors) so my customers environment the default vlan gateways are configured using option 249 Classless Static Routes in there DHCP server. Normal DHCP default gateway setting is configured using 003 Router. Once I configured a default gateway on a vlan using 003 Router I was able to provision across vlans, browse across, and administer using ISV console. vPro appears to have an issue handling the 249 Route option so the customer will need to develop a plan possibly using manual IP configuration.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.