cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1104
Views
0
Helpful
5
Replies

Management Port

oneirishpollack
Level 1
Level 1

We have been using VLAN 1 forever as our device management VLAN. In trying to move off the native VLAN and into what I have been told is best practice, I am trying to setup switch IPs on the management port, on my 2960 devices it is F0.

I created a SVI for VLAN 57 on our 6509. The address is: 10.1.2.1. It is up and can ping itself.

I then gave the F0 management interface on my 2960 an IP address of 10.1.2.21. It is up and can ping itself.

However, 10.1.2.1 and 10.1.2.21 cannot ping each other.

Is there anything obvious with the F0 management port that will not allow this?

Below is the core setup and the access switch setup after.

*** Core Switch SVI ***

interface Vlan57
description Book Club
ip address 192.168.2.1 255.255.255.0
no ip redirects
end

*** Access switch access port ****

interface GigabitEthernet1/0/46

switchport access vlan 57

switchport access mode

end

*** Access switch management port ***

interface FastEthernet0

ip address 192.168.2.21 255.255.255.0

The access switch F0 port is plugged into access port G1/0/46.

The access switch is directly connected to the core via fiber trunk port. 

5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

Your configs look correct.  I am not sure what type of 2960 switche you have, but in most new devices the out of band management port is in a separate vrf.  So, if you are pinging from the 2960 you need to include the vrf name

example:

ping vrf  Mgmt-vrf 192.168.2.1

You don't need any vrf if you are pinging from the core switch.

You also need to add the vrf name to the management port on the 2960.

vrf forwarding Mgmt-vrf

HTH

Just so I am clear, there is no reason a 10.1.4.0/24 network that has SVI on the core (10.1.4.1) should not be able to ping my 192.168.2.0/24 network that has an SVI on the core (192.168.2.1). 

I planned on giving all the management ports for my Cisco devices a 192.168.2.0 address. I want to be able to ping and putty into them from my 10.1.4.0/24 network. 

Right now my core can ping one of the access layer switches (2960-S), but not two others.

Just so I am clear, there is no reason a 10.1.4.0/24 network that has SVI on the core (10.1.4.1) should not be able to ping my 192.168.2.0/24 network that has an SVI on the core (192.168.2.1). 

That is correct. It should work fine since the 6500 series has routing enabled by default. So, you should be able to ping from any 192.168.2.0/24 address to any 10.1.4.0/24 address as long as they both have SVIs on the switch and they are up and running.  The 6500 will route from one SVI to another.

HTH

Just one more thing, if you are pinging any of these addresses from the OOB port, you need to use the vrf name with IP.

HTH

One more question. This one may be silly..I have configured a trunk port back to my L3 core, do I need to plug the management port into a port on the switch itself? So does the management port get plugged into one of my access ports that is assigned VLAN 57?

Review Cisco Networking for a $25 gift card