Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
531
Views
10
Helpful
7
Replies

Management VLAN IPS routing problems.

Go to solution
CiscoPurpleBelt
Level 6
Level 6

‎03-07-2018 12:04 PM - edited ‎03-08-2019 02:10 PM

So I have to configure interfaces to use for network device management.

Not doing true OOBM but I created a dedicated managements subnet:

10.10.10.X / SVI 10/ g0/1.10 on Router

Ok for one since I have to use a different subnet to connect my router to my FW, I am using a mgmt. subnet of 10.10.20.X since I get overlap if I use 10.10.10 for interfaces connecting to FW.

Is there a way around to use same subnet for all mgmt. address on all devices? I would like to configure loopbacks for mgmt.

See diagram.

 

Labels:
Preview file
16 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to CiscoPurpleBelt

‎03-09-2018 07:06 AM

Yes. I am saying that if you want the firewall management address to be in the 10.10.10 subnet then you would connect a cable to the firewall management interface (assuming that it has a physical interface designated for management) and that cable to a switch port that is assigned to the vlan for management.

 

HTH

 

Rick

HTH

Rick

View solution in original post

7 Replies 7

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎03-07-2018 01:54 PM

I think I understand the part of your diagram showing devices and interfaces with IP addressing. I hope that the address on the firewall has a typo since its address seems to have 5 octets. I do not understand the numbers below the devices. It would seem perhaps to reflect default routes. It makes sense that the default route for the switch should be 10.10.10.1 (address of the router) but I am puzzled about the default on the router. where is 10.1.10.10? And I am a bit unclear about the default on the firewall which does not show a next hop.

 

I am a bit surprised that the diagram shows the connection from switch to router being on a physical interface. I would have expected that the connection would be a trunk for multiple vlans and that the router would have a subinterface. But perhaps that is a detail not important in the diagram.

 

What is not clear in the diagram is what you intend to do about management address of the firewall. Do you want an interface for management separate from the interface for data? If so how will that be connected? Or for the firewall will you use the address for the data connection to also provide management access?

 

If management access for the firewall will share the address of the data interface then it simplifies things. And it makes clear that the subnet for management access to the firewall must be separate from the router management address for the switches.

 

If you want the management address for the firewall to be separate from the data interface then perhaps the management interface for the firewall can be connected to one of your switches and assigned to the vlan for management - thus allowing the firewall management to be in the same subnet as switch management.

 

So the key question here is whether management access for the firewall will be on its own separate interface or will it be combined with data?

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Richard Burts

‎03-08-2018 01:59 PM

Sorry made diagram very fast.

Yes it is a trunk with sub interface from Router to switch.
Sorry typo. Default route for router is the FW 10.10.20.2 address.
Default route for the FW is the 20.10.10.2 Edge (farther right router).

Yes all management addresses must be separate from user/data traffic ect.
If possible, I would like a management IP in same 10.10.10.X subnet as the router and switch assessable at the FW and farther right (edge router). Is that possible? Are you saying connect a cable from switch to the MGMT port on the FW?
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to CiscoPurpleBelt

‎03-09-2018 07:06 AM

Yes. I am saying that if you want the firewall management address to be in the 10.10.10 subnet then you would connect a cable to the firewall management interface (assuming that it has a physical interface designated for management) and that cable to a switch port that is assigned to the vlan for management.

 

HTH

 

Rick

HTH

Rick

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Richard Burts

‎03-09-2018 07:51 AM

Yes I did that I still can't ping the mgmt. IP on the FW. Have a cable from that MGMT port to the switch and put switchport in mgmt. VLAN.
0 Helpful

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Richard Burts

‎03-09-2018 07:53 AM

I think I see a problem. I have to reconfigure my FW interface.
0 Helpful

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Richard Burts

‎03-09-2018 07:57 AM

Works! Thanks for all your help!!
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to CiscoPurpleBelt

‎03-09-2018 09:21 AM

Thanks for posting back to the forum to confirm that you have solved the problem and that it is now working as you want. I am glad that my suggestions pointed you in the right direction. Thank you for marking this question as solved. This will help other readers in the forum to identify discussions which have helpful information.

 

HTH

 

Rick

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card