Options

Switch management IP address

mallyg27mallyg27 Member Posts: 139
in CCNA & CCENT
My question is if I have two vlans setup on a switch, for instance, VLAN 10 and VLAN 20. I know that each VLAN will be in a different subnet. Now, when I want put an IP address on the management interface so I can telnet from elsewhere, do I put an IP address from one of the subnets I already created with VLAN 10 and 20 or do I create another subnet? I think it would be a waste of a subnet to just create one for the management interface.
· Share on FacebookShare on Twitter

Comments

  • Options
    dead_p00ldead_p00l Member Posts: 136
    There are numerous ways of doing this. Most networks that I work with we have a Management subnet for all devices associated with a management vlan. Every new device automatically gets management vlan and management IP assigned to it.
    This is our world now... the world of the electron and the switch, the
    beauty of the baud.
    · Share on FacebookShare on Twitter
  • Options
    NetworkVeteranNetworkVeteran Member Posts: 2,338 ■■■■■■■■□□
    mallyg27 wrote: »
    I think it would be a waste of a subnet to just create one for the management interface.
    You say that as if a subnet is a precious resource. There are many, many private addresses. It's not an issue in most cases. And there often are security and stability advantages to a separate management subnet.
    · Share on FacebookShare on Twitter
  • Options
    Forsaken_GAForsaken_GA Member Posts: 4,024
    Well, I assume you're putting an address on the vlan interfaces that you're creating. If so, each one of them is a 'management' interface potentially. Which one actually is depends entirely on your policy. If you only want to allow connections from one particular subnet, then apply an access list to the switches vty lines reflecting that.
    · Share on FacebookShare on Twitter
  • Options
    mallyg27mallyg27 Member Posts: 139
    NetworkVeteran wrote: »
    You say that as if a subnet is a precious resource. There are many, many private addresses. It's not an issue in most cases. And there often are security and stability advantages to a separate management subnet.

    Ok thanks. I just make another subnet for vlan 1.
    · Share on FacebookShare on Twitter
  • Options
    Forsaken_GAForsaken_GA Member Posts: 4,024
    mallyg27 wrote: »
    Ok thanks. I just make another subnet for vlan 1.

    You understand that you are not required to use vlan 1 as a management vlan, correct? As a matter, it's highly discouraged to do so.
    · Share on FacebookShare on Twitter
  • Options
    mallyg27mallyg27 Member Posts: 139
    Forsaken_GA wrote: »
    You understand that you are not required to use vlan 1 as a management vlan, correct? As a matter, it's highly discouraged to do so.

    Yes I understand that. I assume the only time I should use VLAN1 is pretty much for something like an administrative group. Am i correct.
    · Share on FacebookShare on Twitter
  • Options
    NetworkVeteranNetworkVeteran Member Posts: 2,338 ■■■■■■■■□□
    mallyg27 wrote: »
    Yes I understand that. I assume the only time I should use VLAN1 is pretty much for something like an administrative group. Am i correct.
    Most shops won't use VLAN 1 for a administrative traffic, and Cisco discourages the practice.

    It's a security concern. Some reasons will be clearer if you take CCNP/Switch.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.