07-26-2009 09:08 PM - edited 03-06-2019 06:57 AM
Hi everybody!
I have this question.
Let's say we have a distribution switch, sw2, which is providing communication between two VLANs, 1 and 2, which exist on the access switch, sw1.
Is it possible to use int vlan 1 (1.1.1.1) on sw2 as the management interface to manage sw2 while at the same time hosts in VLAN 1 are using 1.1.1.1 (int vlan 1) as their default gateway?
Thanks a lot
07-27-2009 01:17 AM
Hello Sarah,
Generally speaking, the answer is yes, but it is not recommended.
First of all, because it could allow end users to try to access the switch management.
Second, because any issue in the client VLAN could cause problems in accessing devices when it is very important to be able to access them to see what is happening.
For example, if a broadcast storm is happening on the client VLAN, users are affected, but if the switch management IP address is in a different VLAN it may be possible to access it.
Best practice is to use a separate IP subnet for network management from client VLANs / IP subnets.
Security best practice suggests not using VLAN 1 (the default VLAN) at all.
Hope to help
Giuseppe
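The separation recommended in the answer above, written out as an added Cisco IOS configuration example for sw2 (not part of the original thread). VLAN IDs 10 and 99, the 10.0.x.x addressing and the ACL name MGMT-ONLY are assumptions, and SSH is assumed to be enabled on the switch already.

```cisco
! Constructed example for sw2; VLAN IDs, names and all addresses are assumed values.
!
! Before: the users' default gateway is also the address administrators log in to.
! interface Vlan1
!  ip address 1.1.1.1 255.255.255.0
!
! After: users move off VLAN 1 and management gets its own VLAN and subnet.
vlan 10
 name USERS
vlan 99
 name MGMT
!
! VLAN 1 carries no IP address and is not used for hosts or management.
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Default gateway for user hosts
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan99
 description Switch management only
 ip address 10.0.99.2 255.255.255.0
!
! On a L3 switch every SVI address answers on the vty lines, so restrict
! login sessions by source: only the management subnet is permitted.
ip access-list standard MGMT-ONLY
 permit 10.0.99.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
```

With this in place a host in the user VLAN still routes through 10.0.10.1, but a login attempt from that subnet to any address on sw2 is refused and logged, and a broadcast storm in VLAN 10 does not share a broadcast domain with the management SVI.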
07-27-2009 06:38 AM
Thanks Giuseppe.
Just one more question, if you don't mind.
Is it correct that best practice dictates one VLAN per access switch?
07-27-2009 07:31 AM
Sarah
It depends on whether you are running L2 or L3 from the access-layer to the distribution layer.
If you are running L2 then often the access-layer switches are connected via trunks with multiple vlans going across them. Even if you limited the vlans to just one for user data you should really have a separate vlan for managing the switches as discussed already in this thread.
If you are running L3 from the access-layer then the switches will be L3 capable and then you only create the vlans you need on each switch. Management of the switch can be taken care of with a loopback interface so you do not need to worry about the management vlan.
But even with L3 it is common to have at least 2 vlans per switch, one for user data and one for VOIP.
Jon
07-27-2009 08:08 AM
Hi Jon.
Is it possible to configure a loopback interface on a L2 switch?
Thanks and have a nice day!
07-27-2009 08:16 AM
Sarah
"Is it possible to configure loopback interface on L2 switch ?" - from memory, no it isn't. The option is there, i.e. "int loopback 10", but the switch won't accept the command.
Note that this is for a L2 capable switch only. A L3 switch that is being used as a L2 switch only will still allow you to create a loopback interface.
Jon