Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
6764
Views
0
Helpful
4
Replies

Management VLAN on layer 2 and layer 3 switch

Go to solution
Martin0011
Level 1
Level 1

ā€Ž03-03-2013 09:26 AM - edited ā€Ž03-07-2019 12:01 PM

Hello,

I am having trouble configuring a management vlan (vlan10). What I would like to accomplish is to be able to telnet to a layer2 or layer3 switch for managment. I know that on a layer2 you need to define an ip address on the vlan interface. This is where my confusion begins.

At the moment the layer 3 switch is configured as server in VTP mode and the layer2 as client. The layer3 switch just does routing and all the vlan's and appropriate IP's are defined on it. The layer2 switch has a default-gateway defined as the interface of the layer3 switch.

If i define vlan10 on the layer3 switch and give it an IP address of 10.10.65.2, that IP is essentially the gateway to the layer3 switch and can be used for remote management.

What I would like to do is give the layer2 switch an IP address in the same vlan10 to be used for managment, something like 10.10.65.1.

Up until now the configuration we had was that vlan10 was defined on the layer3 switch as 10.10.65.2, and on the layer2 switch we also had an entry for vlan10 with ip 10.10.65.1. To be honest I am not even sure that was the right configuration. We were able to telnet to 10.10.65.2 from a different vlan but not to 10.10.65.1 or even be able to ping it. It was however possible to telnet to 10.10.65.1 from the layer3 switch directly.

In a single switch environment I understand how to setup the ability to telnet to a switch but my confusion arises when trying to configure switch IP's in a layer2 and layer3 intervlan routing environment. Could someone please tell me what I'm doing wrong or what I need to do to be able to have both the layer 2 and layer 3 switch configured with an IP address in the same vlan and be able to telnet to them, thank you.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

ā€Ž03-03-2013 09:47 AM

It sounds like you were missing a default gateway on the L2 switch originally. With a l2 switch, you can't use an "ip route" statement. Instead, you'd use the "ip default-gateway" configuration. This is why the L3 could telnet (because it was local) but nothing else because the l2 switch didn't know where to send the traffic. Your original configuration looks right. The L2 and L3 switch both need vlan 10 and on the trunk. Set the "ip default-gateway 10.10.65.2" on the L2 switch and you should be good. Remember that if you specify a vlan, the vlan needs to be accessible and created across all switches that the traffic needs to traverse. If you have 3 switches and the first and last switch have vlan 10, vlan 10 also needs to be on the middle switch if you need to get traffic from the last to the first.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni

ā€Ž03-03-2013 09:49 AM

Hi,

you can do what you suggested that is have a vlan interface on the layer 2 switch and on the layer 3 but on the layer 2 you must have the default-gateway as the vlan ip of the layer 3 as you suggested

Regards

Alain

Up until  now the configuration we had was that vlan10 was defined on the layer3  switch as 10.10.65.2, and on the layer2 switch we also had an entry for  vlan10 with ip 10.10.65.1. To be honest I am not even sure that was the  right configuration. We were able to telnet to 10.10.65.2 from a  different vlan but not to 10.10.65.1 or even be able to ping it. It was  however possible to telnet to 10.10.65.1 from the layer3 switch  directly. - See more at:  https://supportforums.cisco.com/thread/2202865?tstart=0#sthash.JdSlVI7g.dpuf

Up until  now the configuration we had was that vlan10 was defined on the layer3  switch as 10.10.65.2, and on the layer2 switch we also had an entry for  vlan10 with ip 10.10.65.1. To be honest I am not even sure that was the  right configuration. We were able to telnet to 10.10.65.2 from a  different vlan but not to 10.10.65.1 or even be able to ping it. It was  however possible to telnet to 10.10.65.1 from the layer3 switch  directly. - See more at:  https://supportforums.cisco.com/thread/2202865?tstart=0#sthash.JdSlVI7g.dpuf

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
John Blakley
VIP Alumni
VIP Alumni

ā€Ž03-03-2013 09:47 AM

It sounds like you were missing a default gateway on the L2 switch originally. With a l2 switch, you can't use an "ip route" statement. Instead, you'd use the "ip default-gateway" configuration. This is why the L3 could telnet (because it was local) but nothing else because the l2 switch didn't know where to send the traffic. Your original configuration looks right. The L2 and L3 switch both need vlan 10 and on the trunk. Set the "ip default-gateway 10.10.65.2" on the L2 switch and you should be good. Remember that if you specify a vlan, the vlan needs to be accessible and created across all switches that the traffic needs to traverse. If you have 3 switches and the first and last switch have vlan 10, vlan 10 also needs to be on the middle switch if you need to get traffic from the last to the first.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni

ā€Ž03-03-2013 09:49 AM

Hi,

you can do what you suggested that is have a vlan interface on the layer 2 switch and on the layer 3 but on the layer 2 you must have the default-gateway as the vlan ip of the layer 3 as you suggested

Regards

Alain

Up until  now the configuration we had was that vlan10 was defined on the layer3  switch as 10.10.65.2, and on the layer2 switch we also had an entry for  vlan10 with ip 10.10.65.1. To be honest I am not even sure that was the  right configuration. We were able to telnet to 10.10.65.2 from a  different vlan but not to 10.10.65.1 or even be able to ping it. It was  however possible to telnet to 10.10.65.1 from the layer3 switch  directly. - See more at:  https://supportforums.cisco.com/thread/2202865?tstart=0#sthash.JdSlVI7g.dpuf

Up until  now the configuration we had was that vlan10 was defined on the layer3  switch as 10.10.65.2, and on the layer2 switch we also had an entry for  vlan10 with ip 10.10.65.1. To be honest I am not even sure that was the  right configuration. We were able to telnet to 10.10.65.2 from a  different vlan but not to 10.10.65.1 or even be able to ping it. It was  however possible to telnet to 10.10.65.1 from the layer3 switch  directly. - See more at:  https://supportforums.cisco.com/thread/2202865?tstart=0#sthash.JdSlVI7g.dpuf

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
jawad-mukhtar
Level 4
Level 4
In response to cadet alain

ā€Ž03-03-2013 11:06 AM

Kindly Check

1. If its L3 Switch with ip 10.10.65.10.1 that you are using for l2 pupose disbale ip routing on that switch by using command no ip routing.

2. Configure default-gateway

3. Check Uplink are trunk or access vlans are allowed properly.

*** Do Rate All Helpful Posts***

Jawad
0 Helpful

Go to solution
Martin0011
Level 1
Level 1

ā€Ž03-04-2013 03:27 PM

John and Cadet, thank you very much for some helpful tips and clarifying this issue to me. Applied a change in the configuration today by defining a SVI on L2 with an IP that resides on that same subnet as the default-gateway of the said switch. I am now finally able to telnet to my L2 at the management vlan on 10.10.65.1 and most importantly didn't break anything else in the process. The only thing remaining now is to apply some access lists to truly isolate it.

Once again, thank you very much for a great advice.

Kind Regards,

Marcin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card