Management VLAN Design

I have a quick poser regarding addressing for your management vlan.
Let's assume you have several small offices, each using a /24 network. You want to have a separate VLAN for management outside of your data VLAN, let's say VLAN 200 or whatever. You want to assign an IP address to this for remote management. What would be the best way to achieve this, using the best use of addressing you can? Can you assign a /32 address to each device, for management only?
So let's say you have 10 different offices, you could use
192.168.10.1 255.255.255.255 - Office 1
192.168.10.2 255.255.255.255 - Office 2
And so on... I am assuming this would be a good practice? Thx in advance
Comments
Stotic Member Posts: 248
How many management IPs are you going to need at each site? It looks like you're trying to design an OOB network that is dispersed physically and logically (if you're using IPSec tunnels). I'd recommend just using a /32 within each site's local subnet. Put it on a loopback and advertise it out.
colink24 Member Posts: 43
Thanks for the reply. I am open to suggestions. This is just what I thought would be best use of address space, I could be wrong. The network is ISP provided over IPVPN tunnels (any-any).
Also, you mention sticking it on a loopback. Why can't I just use this /32 for the interface vlan1 (for example) then advertise it out?
Stotic Member Posts: 248
Well, you can, assuming that your router is a layer 3 switch. It is never recommended to use VLAN 1 (security issue). You'd have to create a new layer 2 VLAN, a new SVI, assign a /32 to the SVI, then advertise it into your routing protocol. If you have any other network devices on site, you can trunk this VLAN to them.
colink24 Member Posts: 43
Thanks once again. I am pretty happy with the way it will work, I was more unsure of sticking a /32 on a management interface. I will use an L3 switch but I will not enable IP routing. I will shut down vlan1 (as you rightly say, this is not used for security) then bring up a new VLAN and assign an address to this.
Thanks for the input
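
An added example, not part of the thread: a Python check that applies the two suggestions above to IOS-style interface stanzas, flagging an addressed Vlan1 SVI that is not shut down and any management /32 that falls outside its site's /24. The site names, subnets and config text are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample data (not from the thread): site -> (site /24, config text)
SAMPLE = {
    "office1": ("192.168.1.0/24", """
interface Vlan1
 no ip address
 shutdown
!
interface Vlan200
 description MGMT
 ip address 192.168.1.254 255.255.255.255
"""),
    "office2": ("192.168.2.0/24", """
interface Vlan1
 ip address 192.168.10.2 255.255.255.255
"""),
}

def parse_svis(config):
    """Return {vlan_id: {"ip": IPv4Interface or None, "shutdown": bool}}."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface Vlan(\d+)\s*$", line)
        if m:
            current = svis.setdefault(int(m.group(1)), {"ip": None, "shutdown": False})
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None:
            s = line.strip()
            a = re.match(r"^ip address (\S+) (\S+)$", s)
            if a:
                current["ip"] = ipaddress.ip_interface(f"{a.group(1)}/{a.group(2)}")
            elif s == "shutdown":
                current["shutdown"] = True
    return svis

def audit(site_net, config):
    """List findings: active addressed Vlan1, or a /32 outside the site subnet."""
    findings, net = [], ipaddress.ip_network(site_net)
    for vlan, svi in sorted(parse_svis(config).items()):
        if svi["ip"] is None:
            continue
        if vlan == 1 and not svi["shutdown"]:
            findings.append("Vlan1 carries a management address and is not shut down")
        if svi["ip"].network.prefixlen == 32 and svi["ip"].ip not in net:
            findings.append(f"Vlan{vlan} /32 {svi['ip'].ip} is outside {net}")
    return findings
```

Calling `audit(*SAMPLE["office2"])` returns both findings for the constructed second site, while the first site returns an empty list.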