Management for External Switch

Mokhalil82
Level 4

Hi

I have 2 sites that are approx. a mile apart. Both sites are connected using single-mode fiber. There is an ISP-managed router at each site providing active/standby failover using HSRP. Please see the attached diagram.

I am installing an external switch at each site (shown in red) which will be running the L2 VLAN for the HSRP failover that the ISP is using. Now, in regards to management access to these switches from my internal network, I could use a public IP (in black) from the range that I have as the management IP for each switch, but that would be wasting my public IPs, so I am thinking of using a private IP subnet (in red).

The routers will be reconfigured with sub-interfaces so I can get connectivity between my routers and these switches. The external switches do not have dedicated management ports. I want to know what my options may be.

I am thinking of the following solutions:

Solution 1 - Use a static route on the core switches of ip route 192.168.10.0 255.255.255.240 x.x.x.x, where this route points out towards the external switches. So routing the management traffic out to these external switches.

Solution 2 - Create a VLAN interface on each internal core switch with an IP address from the 192.168.10.0 subnet, then connect a cable directly to these external switches, bypassing the firewall, and just allow the single management VLAN across this link. So this will just be an access VLAN.

Solution 1 means mixing management traffic with internet traffic. Not sure how secure solution 2 is. Does anyone have any other recommendation, or can I employ one of these solutions? Or is this a case of me having to use my public IPs for management? I'm sure these may be common scenarios, so just trying to see what the solution for management access is.

Thanks


gmagno001
Level 1

thought

Regards

Gus Magno.

Hi Gus

I am inside the site. So I would be coming off an access layer switch connected to the core switch at site 1. 

So I recommend solution 2; this way you don't depend on other devices like the firewall (thinking in cases of disaster), but, as I said, thought.

Gus Magno
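Solution 2 as it would look in Cisco IOS, an added configuration example that is not part of this thread; the interface names, VLAN numbers and the 10.0.0.0/24 admin subnet are assumptions. The point is that the management VLAN exists only on the direct core-to-external-switch link and never on the ISP-facing ports, and that the external switch only answers management sessions from the admin subnet.

```cisco
! ===== Core switch, site 1 (assumed Gi1/0/48 is the direct cable) =====
vlan 10
 name EXT-SWITCH-MGMT
!
interface GigabitEthernet1/0/48
 description Direct link to external switch - management VLAN only
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.240
 ip access-group EXT-MGMT-IN in
!
! Traffic arriving from the external switch may only be replies to
! sessions opened by the admin subnet (assumed 10.0.0.0/24); nothing else
! from the outside-facing device is allowed into the core.
ip access-list extended EXT-MGMT-IN
 permit tcp 192.168.10.0 0.0.0.15 10.0.0.0 0.0.0.255 established
 permit udp 192.168.10.0 0.0.0.15 eq snmp 10.0.0.0 0.0.0.255
 permit icmp 192.168.10.0 0.0.0.15 10.0.0.0 0.0.0.255 echo-reply
 deny ip any any log
!
! ===== External switch, site 1 (no dedicated management port) =====
vlan 10
 name MGMT
vlan 100
 name ISP-HSRP           ! assumed VLAN id for the ISP failover L2 domain
!
interface GigabitEthernet0/1
 description Link to internal core - management VLAN only
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description ISP router / fiber to other site - HSRP VLAN only, no VLAN 10
 switchport mode access
 switchport access vlan 100
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.240
ip default-gateway 192.168.10.1
!
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
 deny any log
line vty 0 15
 access-class MGMT-HOSTS in
 transport input ssh
```

Because the external switch has no routing enabled and VLAN 10 is absent from the ISP-facing ports, a compromise on the public L2 segment gives no path into the management VLAN, and the core-side ACL limits what the external switch itself can initiate into the internal network.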

Thanks for the advice Gus. OOB is always a good idea so I will be considering that but that would be a whole different discussion with management and a different project. For now I'm just trying to ensure these switches are installed and management setup. But OOB management is something this network definitely needs.

Thanks 
