11-16-2016 01:36 PM - edited 03-08-2019 08:11 AM
We have been using VLAN 1 forever as our device management VLAN. In trying to move off the native VLAN and into what I have been told is best practice, I am trying to setup switch IPs on the management port, on my 2960 devices it is F0.
I created a SVI for VLAN 57 on our 6509. The address is: 10.1.2.1. It is up and can ping itself.
I then gave the F0 management interface on my 2960 an IP address of 10.1.2.21. It is up and can ping itself.
However, 10.1.2.1 and 10.1.2.21 cannot ping each other.
Is there anything obvious with the F0 management port that will not allow this?
Below is the core setup and the access switch setup after.
*** Core Switch SVI ***
interface Vlan57
description Book Club
ip address 192.168.2.1 255.255.255.0
no ip redirects
end
*** Access switch access port ****
interface GigabitEthernet1/0/46
switchport access vlan 57
switchport access mode
end
*** Access switch management port ***
interface FastEthernet0
ip address 192.168.2.21 255.255.255.0
The access switch F0 port is plugged into access port G1/0/46.
The access switch is directly connected to the core via fiber trunk port.
11-17-2016 08:40 AM
Your configs look correct. I am not sure what type of 2960 switche you have, but in most new devices the out of band management port is in a separate vrf. So, if you are pinging from the 2960 you need to include the vrf name
example:
ping vrf Mgmt-vrf 192.168.2.1
You don't need any vrf if you are pinging from the core switch.
You also need to add the vrf name to the management port on the 2960.
vrf forwarding Mgmt-vrf
HTH
11-21-2016 10:07 AM
Just so I am clear, there is no reason a 10.1.4.0/24 network that has SVI on the core (10.1.4.1) should not be able to ping my 192.168.2.0/24 network that has an SVI on the core (192.168.2.1).
I planned on giving all the management ports for my Cisco devices a 192.168.2.0 address. I want to be able to ping and putty into them from my 10.1.4.0/24 network.
Right now my core can ping one of the access layer switches (2960-S), but not two others.
11-21-2016 10:26 AM
Just so I am clear, there is no reason a 10.1.4.0/24 network that has SVI on the core (10.1.4.1) should not be able to ping my 192.168.2.0/24 network that has an SVI on the core (192.168.2.1).
That is correct. It should work fine since the 6500 series has routing enabled by default. So, you should be able to ping from any 192.168.2.0/24 address to any 10.1.4.0/24 address as long as they both have SVIs on the switch and they are up and running. The 6500 will route from one SVI to another.
HTH
11-21-2016 10:43 AM
Just one more thing, if you are pinging any of these addresses from the OOB port, you need to use the vrf name with IP.
HTH
11-28-2016 12:26 PM
One more question. This one may be silly..I have configured a trunk port back to my L3 core, do I need to plug the management port into a port on the switch itself? So does the management port get plugged into one of my access ports that is assigned VLAN 57?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide