Management vlan

joseph.steve · ‎11-10-2011

Hello

All our access switches are configured with default vlan IP ( i.e ) Vlan 1 - IP Range 192.168.1.0 255.255.255.0

On applying management vlan IP we dont have access to switches via telnet or ssh

how to secure the user-switch from accessing from default vlan ( vlan 1 )

*****************************************************

On 4506 we configured layer2 and layer3 vlan

******************************************************

vlan 1

name user

interface vlan 1

ip address 192.168.1.254 255.255.255.0

vlan 2

name management-vlan

interface vlan 2

ip address 10.1.1.254 255.255.255.0

interface giga 0/1

description connected to switch1

switchport trunk encapsulation dot1q

switchport mode trunk

interface giga 0/2

description connected to switch2

switchport trunk encapsulation dot1q

switchport mode trunk

interface giga 0/3

description connected to switch3

switchport trunk encapsulation dot1q

switchport mode trunk

****************************

on 2960 access switch

****************************

vtp mode client

vtp domain ICC

vtp password cisco

interface giga 0/0

switchport mode trunk

interface vlan 2

ip address 10.1.1.10 255.255.255.0

line vty 0 4

password cisco

Reza Sharifi · ‎11-10-2011

Hi,

You need to configure" switchport trunk encapsulation dot1q" on your 2960s since you already have it on the 4506.

Also, you need a default Gateway on your 2060 to be reachable for management access.

ip default-gateway 10.1.1.254

Don't use vlan 1 for user or management. Use a different vlan id.

vlan 2 user

vlan 20 management

HTH