Managment VLAN

wrwiii122 · ‎07-13-2005

Why is there such a setting called managment VLAN? I can manage my switches from any VLAN even though it is set to VLAN2

cklomp · ‎07-13-2005

Where specificly did you see this reference? There used to be switches that needed their management interface on VLAN 1...

Rgds, Chris.

wrwiii122 · ‎07-13-2005

I did not read it but I have done it. You can chooses any VLAN(olny one) to be a management VLAN. But you can access any switch from any VLAN as long as it has an IP even if it is not set to the managment VLAN.

cklomp · ‎07-13-2005

Ok, now I know where you're coming from.

Yes, you are right you can do that.

However, it is considered good practice to segregate traffic.

For instance, if you have your switch at the same subnet as the users connected to your switch and one has a virus that creates a broadcast storm, you will likely lose access to your switch and cannot shutdown this user...

Or you might have a security policy in place that will not allow snmp traffic from your user segment to get to your switch...

Just two reasons of the top of my head, why you would prefer to have a separate VLAN for managing your switches.

HTH, Chris.

wrwiii122 · ‎07-13-2005

Ahhhhh I did't think about that. Thank You

steve.busby · ‎07-13-2005

Besides the excellent examples provided by Chris, I'd invite you to read the SAFE BluePrint titled Security Blueprint for Enterprise

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_design_guidances_list.html

HTH

Steve