Outof banf mgmt

Arjun Dabol · ‎08-23-2017

HI

I have this digaram where i want OOB managment to be configured. means if some user wants to come from outside via FW and access my CORE switch.

Internet--->FW-->3750 mgmt switch--->core switch--->access layer.

for this purpose I want to create a L2 network between FW--3750 mgmt---CORE.

Can someone tell what config is needed on 3750 mgmt switch ? and how the traffic will flow till CORE.

Mark Malone · ‎08-23-2017

Hi

Put the ip of the MGMT subnet of the FW interface facing the 3750 create the vlan on the 3750 same subnet as FW interface obviuosly another ip in the same mgmt subnet range , make the port facing the FW in that vlan and also on the port facing the core switch , i persume this cable will then connect into the MGMT port on the core switch which will provide mgmt vlan connection from mgmt core to FW port you should be able to ping between both as on same subnet and the layer 2 vlan is allowed though between them

Now the acces switch i would think your better off connecting that directly to the 3750 from its own mgmt port back to the 3750 MGMT switch so it has direct connection , if not possible dont use the mgmt port but just use the mgmt vlan instead and connect it to the core switch again allowing vlan on both ports in between , so its still logically in the mgmt subnet

i have a mix of oob and mgmt vlan running like that through our fws and then we source all mgmt traffic on the local switches form the mgmt port or mgmt vlan whatever is in use , you will need obviiuosly need routing in place and defaults on the switches to the FW to process the traffic