cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
352
Views
5
Helpful
4
Replies

Management VLAN???

Desmond Smith
Level 1
Level 1

I have a 2911 router connected to a 3750 switch. I have configured vlan interfaces on the 2911 router:

Router                                                                                Switch

Vlan interfaces                                                                Vlan 89 (89.2)

Vlan 80 (80.1)

Vlan 88 (88.1)

The questionable vlan

Vlan 89 (89.1)               

Int Gi0/0 (Trunk to Switch)                                            Int Gi0/24 (Trunk to Router)

Question:

I am using the vlan 89 (89.2) as the management ip address for me to remotely get to the switch. Is this a proper configuration or could this cause issues in the future.

Thanks in advance,

Desmond

4 Replies 4

Gregory Snipes
Level 4
Level 4

Using a separate VLAN for managment traffic is 100% correct. You should always try to isolate management from user traffic as much as possible and the fact that you did not use VLAN 1 for it is even better.

Thanks for the reply  Greg!

I didnt know if there was another way to give the switch a management ip without assigning a virtual interface to the router side and assigning it an ip also, or is that the only way it will travel across the trunk?

Well, there is always another way, but this way is: practical, effective, and widely used. You could always implement a full out of band management network if you are highly concerned about security. Most people do just fine with in band though.

You can enhance the security of this solution by implementing access lists on both the router interface into the management subnet and the VTY lines of the switch. VLAN hopping attacks are still possible on the trunk but they are fairly tricky to pull off and generally require that you be physically connected to the switch and that it has not had its user ports hard set to access.

Thanks for the help Greg, great explanation!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: