Switch management IP address

My question is if I have two vlans setup on a switch, for instance, VLAN 10 and VLAN 20. I know that each VLAN will be in a different subnet. Now, when I want put an IP address on the management interface so I can telnet from elsewhere, do I put an IP address from one of the subnets I already created with VLAN 10 and 20 or do I create another subnet? I think it would be a waste of a subnet to just create one for the management interface.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dead_p00l

There are numerous ways of doing this. Most networks that I work with we have a Management subnet for all devices associated with a management vlan. Every new device automatically gets management vlan and management IP assigned to it.

NetworkVeteran

mallyg27 wrote: »

I think it would be a waste of a subnet to just create one for the management interface.

You say that as if a subnet is a precious resource. There are many, many private addresses. It's not an issue in most cases. And there often are security and stability advantages to a separate management subnet.

Forsaken_GA

Well, I assume you're putting an address on the vlan interfaces that you're creating. If so, each one of them is a 'management' interface potentially. Which one actually is depends entirely on your policy. If you only want to allow connections from one particular subnet, then apply an access list to the switches vty lines reflecting that.

mallyg27

NetworkVeteran wrote: »

You say that as if a subnet is a precious resource. There are many, many private addresses. It's not an issue in most cases. And there often are security and stability advantages to a separate management subnet.

Ok thanks. I just make another subnet for vlan 1.

Forsaken_GA

mallyg27 wrote: »

Ok thanks. I just make another subnet for vlan 1.

You understand that you are not required to use vlan 1 as a management vlan, correct? As a matter, it's highly discouraged to do so.

mallyg27

Forsaken_GA wrote: »

You understand that you are not required to use vlan 1 as a management vlan, correct? As a matter, it's highly discouraged to do so.

Yes I understand that. I assume the only time I should use VLAN1 is pretty much for something like an administrative group. Am i correct.

NetworkVeteran

mallyg27 wrote: »

Yes I understand that. I assume the only time I should use VLAN1 is pretty much for something like an administrative group. Am i correct.

Most shops won't use VLAN 1 for a administrative traffic, and Cisco discourages the practice.

It's a security concern. Some reasons will be clearer if you take CCNP/Switch.