
Management port on a c3560g

cvf-reg2cis
Level 1

Hello,

I have a 3560G used as a router. This switch is routing packets between untrusted networks.

I can connect to it using one of its operational IPs. But I am wondering if there would be a way to define a kind of management (IP or physical) interface which could be used only for management purposes (SNMP, Telnet, syslog).

There is this kind of management interface on an Alteon 2208 for example, or on some Juniper NetScreen firewalls (ISG1000). This management interface would have a separate routing table from the operation one.

In other words, I would like to completely separate the operation from the management for the switch.

I hope this is clear enough.

Thanks

Best regards

Guillaume

2 Replies

Joe Clarke
Cisco Employee

For switches, we typically recommend you use a separate management VLAN for this purpose, and only put your designated management port or ports in this VLAN. In a sense, you now have physical ports that are isolated from the rest of the traffic flow on the device.

It is a switch, but we use it as a router, with interface VLANs. If I just configure a management VLAN, and put my physical management port in this VLAN, there may be routing between my operation network and my administration network, which is a security concern.

That's why I would like to forbid routing to and from this management interface VLAN...

I hope this is clearer?

Thanks a lot
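An added example, not from any post in this thread: one way to combine the management VLAN suggested above with ACLs so the switch does not route between the management and operational networks. VLAN 99, port Gi0/48, the 192.0.2.0/24 subnet, the collector address and the ACL names and numbers are all constructed placeholders. It filters within the single routing table and does not create a separate one.

```ios
! Constructed values: VLAN 99, Gi0/48, 192.0.2.0/24, ACL 10, MGMT-IN/MGMT-OUT
vlan 99
 name MGMT
!
interface GigabitEthernet0/48
 description Dedicated management port
 switchport mode access
 switchport access vlan 99
!
! Inbound on the management SVI: hosts in VLAN 99 may reach the switch
! itself, but nothing is routed onward to the operational VLANs.
ip access-list extended MGMT-IN
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 deny   ip any any
!
! Outbound on the management SVI: drop everything routed in from other
! VLANs. Outbound interface ACLs do not filter packets the switch itself
! originates, so its own syslog and SNMP traps still leave through VLAN 99.
ip access-list extended MGMT-OUT
 deny   ip any any
!
interface Vlan99
 description Management SVI
 ip address 192.0.2.1 255.255.255.0
 ip access-group MGMT-IN in
 ip access-group MGMT-OUT out
!
! The SVI ACLs above do not cover sessions that arrive on an operational
! SVI, so restrict the management services themselves by source address.
access-list 10 permit 192.0.2.0 0.0.0.255
!
line vty 0 15
 access-class 10 in
!
! <community> is a placeholder, not a value from the thread
snmp-server community <community> RO 10
snmp-server trap-source Vlan99
!
! Source syslog from the management SVI; 192.0.2.10 is a constructed collector
logging source-interface Vlan99
logging host 192.0.2.10
```

After applying it, `show ip access-lists` shows hit counts on the deny entries, which confirms whether anything is attempting to cross between the two networks.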
