09-14-2011 10:29 AM - edited 03-07-2019 02:13 AM
I'm looking for any suggestion as to what others have found to be a best practice to configure an IP address to 6509 running Layer 2.
I want to ssh 6509 from a host anywhere on my LAN.
Thanks in advance.
Rosa
Solved! Go to Solution.
09-14-2011 11:40 AM
That is fine. Even though the device is layer-2 only, you still need to have an IP address on the device in order to be able to SSH, Telnet, etc... to it..
If there is no IP, how else would connect using SSH or telnet to the device?
Reza
09-14-2011 04:39 PM
Rosa
Just to add. If a switch has one L3 vlan interface (SVI ) it does not mean it is routing. L2 switches use an SVI for managment purposes but they don't route traffic, at least not in the way we generally refer to routing. When a switch is L2 only for connecting to and from the switch it acts simply as an end host would ie. with an IP address and a default-gateway.
The default-gateway is important if you want to connect from a different vlan and you probably would as the switch management vlan should not be used by clients. So from the example above where vlan 10 SVI on the 6500 is 10.10.10.1, if you wanted to telnet/ssh to the switch from another vlan then you would need a default-gateway added to the 6500. The default-gateway would be the IP address of the vlan 10 SVI on the L3 switch that is routing for vlan 10 (this is obviously not the 6500 we are talking about here).
Jon
09-14-2011 06:48 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Besides what the others have already described (short version, a L2 switch management address is basically its "host" address) and can be placed on any VLAN/subnet that reachable from other VLANs/subnets, you might want a dedicated vlan/subnet for management IPs. This then also allows additional security to be applied.
09-14-2011 11:12 AM
Rosa,
If the 6509 is layer-2 only, then you need to configure an SVI for the management subnet so you can SSH to it.
example
vlan 10
name mgmt
interface vlan 10
ip 10.10.10.1 255.255.255.0
You need to add this vlan to all your trunks and also create it in all your switches (with different IP address but same segment) That is your mgmt subnet and vlan for you to SSH, telent,etc...
HTH
09-14-2011 11:34 AM
Reza, in your example vlan 10 is routing (because it has an IP address) even thoutgh 6509 is a layer 2 swtich ?
Thanks
Rosa
09-14-2011 11:40 AM
That is fine. Even though the device is layer-2 only, you still need to have an IP address on the device in order to be able to SSH, Telnet, etc... to it..
If there is no IP, how else would connect using SSH or telnet to the device?
Reza
09-14-2011 11:46 AM
Thanks a lot.
Regards,
Rosa
09-14-2011 04:39 PM
Rosa
Just to add. If a switch has one L3 vlan interface (SVI ) it does not mean it is routing. L2 switches use an SVI for managment purposes but they don't route traffic, at least not in the way we generally refer to routing. When a switch is L2 only for connecting to and from the switch it acts simply as an end host would ie. with an IP address and a default-gateway.
The default-gateway is important if you want to connect from a different vlan and you probably would as the switch management vlan should not be used by clients. So from the example above where vlan 10 SVI on the 6500 is 10.10.10.1, if you wanted to telnet/ssh to the switch from another vlan then you would need a default-gateway added to the 6500. The default-gateway would be the IP address of the vlan 10 SVI on the L3 switch that is routing for vlan 10 (this is obviously not the 6500 we are talking about here).
Jon
09-15-2011 05:59 AM
Thanks you.
Regards,
Rosa
09-14-2011 06:48 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Besides what the others have already described (short version, a L2 switch management address is basically its "host" address) and can be placed on any VLAN/subnet that reachable from other VLANs/subnets, you might want a dedicated vlan/subnet for management IPs. This then also allows additional security to be applied.
09-15-2011 05:59 AM
Thanks.
Regards,
Rosa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide