Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4710
Views
0
Helpful
2
Replies

Management Network Best Practice

Go to solution
Mokhalil82
Level 4
Level 4

‎01-19-2016 11:30 PM - edited ‎03-08-2019 03:28 AM

Hi

I am designing a new network for one of our offices, that will consist of a router that connects into the ISP, then on the LAN side the router connects into the core switch which has all the access switches branching off it.

                     Router

                          |

                Core Switch

                |                  |

         Access Sw    Access Sw

To ensure best practices are followed, I am trying to decide how to setup the management network.

Initial thoughts were just to have a management subnet and assign all devices an IP from that subnet, so management traffic travels on the same links as other traffic.

I am also considering connecting a management switch to the router, which will be separate from all other traffic and then this switch will only have management links to all devices, which allows me to perform maintenance on the network remotely without worrying about getting disconnected if I shut down a certain port. 

Any advice will be appreciated

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-20-2016 12:51 AM

Hey this is just an option take from it what you want its just the way I have seen some done , have as you said separate switch connecting into direct mgmt ports on separate mgmt. subnet and if its remote office connect up a serial console switch backdoor gsm as well for lights out access, connect your mgmt. switch to a small firewall , have all mgmt. traffic on each device sourced from specific mgmt. interface ntp/syslog/netflow/tacacs  etc and use default gateway as fw to process it, use vrfs under the l3 device mgmt. interfaces where possible , that way your mgmt. traffic is secured on separate network from prod traffic as much as can be.Anyway that might be overkill for such a small network above but if its highly critical traffic you should try cover it as much as possible

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-20-2016 12:51 AM

Hey this is just an option take from it what you want its just the way I have seen some done , have as you said separate switch connecting into direct mgmt ports on separate mgmt. subnet and if its remote office connect up a serial console switch backdoor gsm as well for lights out access, connect your mgmt. switch to a small firewall , have all mgmt. traffic on each device sourced from specific mgmt. interface ntp/syslog/netflow/tacacs  etc and use default gateway as fw to process it, use vrfs under the l3 device mgmt. interfaces where possible , that way your mgmt. traffic is secured on separate network from prod traffic as much as can be.Anyway that might be overkill for such a small network above but if its highly critical traffic you should try cover it as much as possible

0 Helpful

Go to solution
Mokhalil82
Level 4
Level 4
In response to Mark Malone

‎01-20-2016 11:02 AM

Thanks Mark, that's the sort of info I was after from someone who has seen or experienced management setups. I have done some research into it today and the option are now clearer.

0 Helpful
Customers Also Viewed These Support Documents