10-30-2013 11:45 AM - edited 03-07-2019 04:20 PM
Scenario:
Vlan1 is not being used. It is shut down on all network switches. My network is using the IP addresses from the Vlan 410 interface as the management IP. The switch in question is a Cat 3750G configured as a layer 3 switch (IP routing is enabled). This is the core switch in my network. There are 7 Vlans configured on the switch starting with Vlan 169. My problem is this switch is using the IP address from the Vlan 169 interface as the management address rather than the address from the 410 interface. How can I force the switch to use the Vlan 410 interface IP as the management IP? Note: this is not a trunking issue so native Vlan configuration has no bearing in this scenario. All other switches on the network have only 1 Vlan interface and it is Vlan 410 so they are all using the IP on the Vlan 410 interface by default.
10-30-2013 12:15 PM
Can you help me understand how you determine which of the active vlan interfaces on your 3750G is the "management" interface? It seems to me that for a layer 3 switch with multiple active layer 3 interfaces that any of the active vlan interfaces can be used to manage the switch.
Or perhaps another way of asking my question is to ask what problem does it create if the switch uses the address from vlan 169 rather than the address of vlan 410?
HTH
Rick
10-30-2013 12:31 PM
The core switch in question is at a remote site. The layer 3 switch at my location has an ACL that only allows the management IP subnet across the WAN. Since this switch is using the wrong interface it is being denied when I try to ping or telnet. I know there are other ways around the issue, but I'd rather fix it if possible rather than do a workaround. Also you can see which interface is being used as the management interface using CDP detail from a neighboring switch.
10-30-2013 12:47 PM
Can you tell us a bit about the routing on the remote switch that is using the address of vlan 169 and not 410? Your symptoms sort of suggest that the routing from that switch to the WAN might be using a next hop out of vlan 169 rather than out of 410, which would cause that switch to use a source address from vlan 169.
Depending on what kind of traffic is coming over the WAN and being examined by your access list you might try configuring protocols which allow it to use the vlan 410 address as source (for example logging source-address, ip tftp source-address, ip tacacs source-interface, ntp source, etc).
HTH
Rick
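An added example, not part of the thread or any poster's code: a small audit that reads a saved running-config and reports whether the services named in the reply above are sourced from the management VLAN interface, so traffic from the switch falls inside the subnet the WAN ACL permits. The command forms checked are the IOS global-config spellings `logging source-interface`, `ip tftp source-interface`, `ip tacacs source-interface` and `ntp source`; the function names, the sample config and its addresses are constructed for illustration.

```python
import re

# Source-binding commands for the services named in the reply above,
# in their IOS global-config forms (text that precedes the interface name).
SOURCE_COMMANDS = {
    "syslog": "logging source-interface",
    "tftp": "ip tftp source-interface",
    "tacacs": "ip tacacs source-interface",
    "ntp": "ntp source",
}

def normalize(ifname):
    """Treat 'Vlan410', 'vlan 410' and 'Vl410' as the same interface."""
    m = re.fullmatch(r"(?i)(vlan|vl)\s*(\d+)", ifname.strip())
    return f"Vlan{m.group(2)}" if m else ifname.strip()

def audit_sources(config_text, mgmt_if="Vlan410"):
    """Return {service: status}; status is 'ok', 'missing' or 'wrong:<if>'."""
    want = normalize(mgmt_if)
    found = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(("!", "no ")):
            continue  # comments and negated commands bind nothing
        for service, prefix in SOURCE_COMMANDS.items():
            if line.lower().startswith(prefix + " "):
                found[service] = normalize(line[len(prefix):])

    def status(svc):
        if svc not in found:
            return "missing"  # IOS picks the source from the egress interface
        return "ok" if found[svc] == want else "wrong:" + found[svc]
    return {svc: status(svc) for svc in SOURCE_COMMANDS}

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
ip routing
interface Vlan169
 ip address 10.1.169.1 255.255.255.0
interface Vlan410
 ip address 10.4.10.1 255.255.255.0
logging source-interface Vlan410
ip tacacs source-interface Vlan169
ntp source vlan 410
"""

if __name__ == "__main__":
    for service, result in audit_sources(SAMPLE_CONFIG).items():
        print(f"{service:7} {result}")
```

A "missing" result means the service has no explicit binding, which is the case where the source address follows the routing next hop as described in the reply.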